And another thing 68

by Jon Honeyball

Jon Honeyball blows his stack at developers who don’t sign their code.

HardCopy Issue: 68 | Published: February 26, 2016

There are not many things that make me blow my stack, but when it goes, it goes with a bang. And you really don’t want to be near me when it happens.

One such thing is code signing. Now, given that I am talking here to a group of educated, sensible software developers, I’m certain (or at least hopeful) that all of you are asking, “What problem?” And of course I’m sure that my wrath would not be directed at your shining beauty of an application, or device driver, or some other code.

But there is a whole class of developers out there who simply haven’t got the message. Yes, this might seem somewhat surprising, given that it’s 2016 and not 1993. But it is true. A whole bunch of developers still seem to believe that it is perfectly alright to ship production code where the installer is not digitally signed.

Windows Mobile 10

I am actually quite sad at the news that Microsoft Mobile 10 (or is it Windows 10 Mobile, or Windows Mobile 10 – or is it still CE? Who knows?) is in trouble. Despite Microsoft throwing eye-watering amounts of cash at attempting to keep at least the Nokia brand alive (although the staff were not quite so lucky), the market share continues to plummet. According to recent Microsoft figures, its share of the global market is now just 1.7 percent which, although the share in the UK and the rest of Europe is higher, is still pretty shocking.

This would not matter if it was a fixed function device, but smartphones live and die by their third party developer engagement, and not many are going to want to dig deep into their pockets for something with a 1.7 percent share of the global market. It doesn’t matter that Microsoft is bravely attempting to bring a unified development environment for both Windows on desktop, Windows on tablet, as well as Windows Phone; it is clearly not enough to ignite the sales.

What to do? Well, there is something to be said for keeping Windows Mobile alive until the next big thing comes around the corner, and then hoping that the nascent platform can be shoehorned into that space. But I don’t think that will actually work.

The reality is that Windows Mobile didn’t answer any questions that other platforms had already answered. Impressive technology like Continuum is all fine and good, but should have been here for the release of Windows 8. It’s all simply not enough, too ‘me too’, and neither the public nor the corporate buyer seems to be swayed.

I would be hugely impressed if Microsoft bit the bullet and admitted that delivering more of what Android and iOS already do is not the answer. It has to redefine the question.

This shouldn’t be that hard, as neither of the majority platforms does a strong, innovative job at helping me run my day. They are both backwards looking, not thinking about helping me with my day-to-day issues. How about answering the question of “I was talking to Bob, or was it Mary, around two weeks ago regarding the North Sea Oil issue. Tell me what we decided and when?” It has to detach content from its restrictive application silos, join it together irrespective of whether it was a phone call, an SMS, a Word document or some Twitter chatter, and massively leverage AI technologies. It is madness that I cannot even say to my device “I was looking at some web page a few weeks ago about tulips. Find it again for me.” Are we really limited to URLs as a meaningful history in 2016? I have 128GB of storage in my iPhone – is this the best we can do to use that space?

Give me a smartphone that is truly smart, and not just “faux desktop” or app-hell-on-earth, and I will take notice. Give me something that really seamlessly makes my day better, and I will buy one and try it. Giving me more of the same is not enough. That was how things were in the 1990s, when we were exploring the wild frontiers of software development; where every new feature was met with glee and excitement. Today I expect it to help me work: to do my stuff for me. Tomorrow, I expect it to be invisible, and just work at making my human frailties less annoying. That is a Windows Mobile platform that will have me pushing aside my iPhone 6S Plus and my Samsung Galaxy S6.

Oh yes, I can hear your laughter now. No-one would seriously think of doing this today. No-one writing application code that mattered. Or was expensive. Or which was supplied with state-of-the-art hardware where the software was a requisite and integral part. No, of course not, it wouldn’t happen.

But it does; and it happens with surprising regularity. Let’s start with a particular bête noire of mine – scientific and engineering software, especially that which comes with specialist hardware. Said hardware is often absolutely state of the art, doing really amazing things. But the software is thrown together by the hardware developers. Often it would be unfair to claim that said software was released. ‘Escaped’ might well be a better term.

Said software is often grotesque in its operation. It is opaque, often has user interfaces that defy gravity and cause more heartache and pain than is even reasonable to inflict on a dead cockroach. Worse still, you tend to discover this after you have purchased said hardware and are trying to get it to work.

When you click on that installer package, you expect it to work seamlessly and correctly. You do not want to see an installer dialog box telling you that the software was written by a publisher called ‘Unknown’. Now you might not think that this is a big deal. But digitally signing the installer tells the customer two things: that it came from the place they think it came from, and that it hasn’t been tampered with at some point. That a hacker hasn’t got into the distribution web server, unpacked the installer, dropped in some malware, and then rebuilt the installer to hide the evidence.

Now, please dear developers, put up your hands if you think that authenticity and traceability of your code is somehow not important. That it really doesn’t matter, that your customers don’t care. Good, none of you did because none of you are quite that stupid.

Let’s be clear – I am mad as hell about this. Unsigned installers should put a product straight into the box marked ‘Not of merchantable quality’. And the sooner someone like Trading Standards brings a legal case on these grounds, the better for everyone.

Only yesterday, I met with the UK representative of a Dutch company. They make very high-end signal generator equipment which cost me thousands of pounds, and which requires a Windows application to run. The app is not digitally signed. Let’s leave aside the fact that the glory of the hardware design is matched by the cornered dog nature of the Windows control application, but the installer is unsigned too. Apparently the company views the code signing process as being, and I quote, “Too difficult, too complicated, too expensive and taking way too much time.”

The temptation to shake them by the throat was hard to ignore. But I did my best. I will be meeting the developers soon at a trade show. I doubt they have any measure of how I can use politeness as an offensive weapon, as another product manager discovered last year at another such show.

I will be polite with my use of terms like “incompetent”. The reality is that Microsoft ships perfectly usable tools to make this work, and has done for a very long time. We know this is true, because almost everyone else manages to make this work just fine, from the smallest one man band to the largest corporate. And if they can do it, it cannot be “too difficult, too complicated, too expensive and taking way too much time.” The same goes for code signing for OSX – I am fed up with OSX telling me that the publisher is unknown and that I ought, quite rightly, to be cautious.

But… but… remember me just now saying “from the smallest one man band to the largest corporate”? I am still in quite exquisite agony with the anger reserved for Dell who managed to ship a UEFI upgrade for my shiny brand new XPS13 laptop – yes, an entire firmware upgrade Windows application – without digital signing just before Christmas. In the case of a global company, it beggars belief that their code generation, signing and checking process is that broken. But at least Dell manages to get it right, most of the time, without sitting on its hands whingeing about how hard it is.

Code signing, in all forms, is not optional. It’s not something you slap on at the last minute. It is absolutely part of the development process, and it must be part of the code release process. If you want your application to carry on looking like malware written by a bunch of incompetent fools, then just keep trundling on with your head in the sand. It isn’t hard to code sign, and even if it was, I have no sympathy. Your customers deserve better, and they soon will be demanding nothing less.
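
As an added illustration of signing being "part of the code release process" (this script is not from the column or from any vendor it mentions): a PowerShell release gate that refuses to publish Windows installers which are unsigned, altered after signing, or signed by someone else. The `.\dist` folder and the publisher name are assumed placeholders.

```powershell
# Added example: release gate for Authenticode signatures.
# Assumptions: artifacts live in .\dist; ExpectedPublisher is a placeholder name.
param(
    [string]$ArtifactDir = '.\dist',
    [string]$ExpectedPublisher = 'Example Instruments B.V.'
)

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$failures = @()
$files = @(Get-ChildItem -Path $ArtifactDir -Recurse -File -Include *.exe, *.msi, *.dll, *.sys)

# An empty release folder is a pipeline fault, not a pass.
if ($files.Count -eq 0) { $failures += "no signable files found in $ArtifactDir" }

foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # 'NotSigned' is the "Unknown publisher" case; 'HashMismatch' means the
    # file was changed after it was signed.
    if ($sig.Status -ne 'Valid') {
        $failures += '{0}: status {1}' -f $file.Name, $sig.Status
        continue
    }

    # Origin check: a valid signature from a different publisher is still wrong.
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($publisher -ne $ExpectedPublisher) {
        $failures += '{0}: signed by "{1}", expected "{2}"' -f $file.Name, $publisher, $ExpectedPublisher
    }

    # Without a timestamp countersignature the signature stops validating
    # once the signing certificate expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        $failures += '{0}: signature has no timestamp' -f $file.Name
    }
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Error $_ }
    exit 1   # fail the build so nothing unsigned reaches the download server
}
Write-Output ('{0} file(s) signed by {1}' -f $files.Count, $ExpectedPublisher)
```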