The Daily Parker

Politics, Weather, Photography, and the Dog

Bug report: Garmin Venu - Usability - High severity

Summary: When displaying a notification over a paused activity, swiping down will delete the paused activity instead of the notification, without an Undo feature.

SeverityHigh (accidental but irrevocable data loss)

Steps to reproduce:

  1. Take a PTO day to enjoy a 7-hour outdoor exercise.
  2. Start the exercise on the Garmin Venu device.
  3. Spend 82 minutes in the exercise.
  4. Press Button A on the Venu to pause the activity. The activity will show as Paused, with a Discard (X) indication on the top of the display and a Save (check) indication on the bottom.
  5. Have a friend innocently text you about a nonessential matter. A notification shows up on the Venu display.
  6. As you have done thousands of times before, swipe down to dismiss the notification. The activity is deleted, but the notification just stays there, mocking you.
  7. Stare at the device for a moment in stunned silence.
  8. Frantically swipe up on the device to try to undo the deletion. Nothing happens because there is no Undo feature for this action.
  9. (Omitted)
  10. (Omitted again, but this time with reference to the usability engineers at Garmin who apparently forgot the rule that inadvertent data loss must never happen.)
  11. (Omitted once more, but this time with reference to said engineers' standardized test scores, parentage, and general usefulness to humanity.)
  12. Begin drafting a strongly-worded bug report to share with the above-mentioned Garmin usability engineers.
  13. Spend the next five and a half hours trying to calculate split times without knowing for sure that the first activity was 82 minutes, not 75 or 90.

Device details: Garmin Venu, SW version 6.30, API version 3.2.6

Welcome to autumn

The first day of autumn has brought us lovely cool weather with even lovelier cool dewpoints. We expect similar weather through the weekend. I hope so; Friday I plan another marathon walk, and Saturday I'm throwing a small party.

Meanwhile, we have a major deliverable tomorrow at my real job, and Cassie has a routine vet check-up this afternoon. But with this weather, I'm extra happy that I moved my office to the sunroom.

End-of-summer reading

Only about 7 more hours of meteorological summer remain in Chicago. I opened my windows this afternoon for the first time in more than two weeks, which made debugging a pile of questionable code* more enjoyable.

Said debugging required me to put these aside for future reading:

Finally, one tiny bit of good news: more Americans believe in evolution than ever before, perhaps due to the success of the SARS-COV-2 virus at evolving.

Goodbye, Summer 2021. It's been a hoot.

* Three guesses who wrote the questionable code. Ahem.

Facing limitations of security software

Via Bruce Schneier, researchers have developed software that can bamboozle facial-recognition software up to 60% of the time:

The work suggests that it’s possible to generate such ‘master keys’ for more than 40% of the population using only 9 faces synthesized by the StyleGAN Generative Adversarial Network (GAN), via three leading face recognition systems.

The paper is a collaboration between the Blavatnik School of Computer Science and the school of Electrical Engineering, both at Tel Aviv.

StyleGAN is initially used in this approach under a black box optimization method focusing (unsurprisingly) on high dimensional data, since it’s important to find the broadest and most generalized facial features that will satisfy an authentication system.

This process is then repeated iteratively to encompass identities that were not encoded in the initial pass. In varying test conditions, the researchers found that it was possible to obtain authentication for 40-60% with only nine generated images.

The paper contends that ‘face based authentication is extremely vulnerable, even if there is no information on the target identity’, and the researchers consider their initiative a valid approach to a security incursion methodology for facial recognition systems.

Hey, humans have evolved for 20,000 years or longer to recognize faces, and we make mistakes all the time. Maybe security software just needs more time?

Welcome to August

While I look out my hermetically-sealed office window at some beautiful September weather in Chicago (another argument for working from home), I have a lot of news to digest:

And finally, Jakob Nielsen explains to web designers as patiently as possible why pop-ups piss off users.

We're dumb, but we're not that dumb

Two sad-funny examples of how, nah, we're exactly that dumb. The first, from TDWTF, points out the fundamental problem with training a machine-learning system how to write software:

Any ML system is only as good as its training data, and this leads to some seriously negative outcomes. We usually call this algorithmic bias, and we all know the examples. It's why voice assistants have a hard time with certain names or accents. It's why sentencing tools for law enforcement mis-classify defendants. It's why facial recognition systems have a hard time with darker skin tones.

In the case of an ML tool that was trained on publicly available code, there's a blatantly obvious flaw in the training data: MOST CODE IS BAD.

If you feed a big pile of Open Source code into OpenAI, the only thing you're doing is automating the generation of bad code, because most of the code you fed the system is bad. It's ironic that the biggest obstacle to automating programmers out of a job is that we are terrible at our jobs.

I regret to inform the non-programmer portion of the world that this is true.

But still, most of the world's bad code isn't nearly as bad as the deposition Paula Deen gave in her harassment suit in May 2013. This came up in a conversation over the weekend, and the person I discussed this with insisted that, no, she really said incredibly dumb things that one has to imagine made her attorney weep. She reminds us that the Venn diagram of casual bigotry and stupidity has a large overlapping area labeled "Murica."

Just wait for the bit where the plaintiff's attorney asks Deen to give an example of a nice way to use the N-word.

I will now continue writing code I hope never winds up in either a deposition or on TDWTF.

How to screw up both time *and* money

Credit-card processing company Worldpay mixed up two fields in a batch on Tuesday (that they mixed up with a batch from April 18th), resulting in hilarious (in retrospect) errors processing charges from the Brighton Palace Pier in southern England. How do we know the error involved April 18th, you ask? Try to guess:

One woman who had visited the attraction in April told of her surprise on the morning of 24 June when a text message from her bank informed her that her account was overdrawn. She discovered that £2,104.18 had been taken on Wednesday by Brighton Palace Pier in what was described as a “deferred payment.”

Ah, haha, ha. I did spend about four minutes pondering how the process failed, as Worldpay claims the error actually occurred Tuesday of this week, but I have my own code to fix before I start debugging someone else's today.

Head to desk. Repeat as needed.

I spent nearly three days debugging a configuration issue that I resolved by simply deleting the wonky Azure App Service and rebuilding it from the CI pipeline. It's hard to find a real-world analogy. The total time required to simply start over (given the automation we've spent two years building) was less than an hour, meaning had I done that Thursday morning, instead of trying to fix the unfixable problem, I'd have saved myself a net 22 hours of grief.

Blarg.

The world still spins

As much fun as Cassie and I have had over the last few days, the news around the world didn't stop:

Finally, journalist Jack Lieb filmed D-Day using a 16mm home movie camera, which you can see on the National Archives blog. It's really cool.

Can't find app with name "<function-name-here>"

I hope this helps someone else having this problem deploying a .NET function to Azure App Services.

At my day job, we created a new Azure directory and subscription for my group's product. As the product has gotten closer to release, we realized we needed a more complete separation from the company's Azure assets and our group's. So far, so good. I had some annoyances updating our deployment pipelines, but nothing I hadn't expected.

Then I tried to deploy our one function app. I followed the basic script in PowerShell:

Import-Module Az
Connect-AzAccount
CD c:\source\solution\project\bin\Debug\net5.0\
func azure functionapp publish function-name-dev

The script failed with: Can't find app with name "function-name-dev"

Undeterred, I modified the script:

Import-Module Az
Connect-AzAccount -Tenant 'guid' -SubscriptionId 'guid'
az account set --subscription 'guid'
CD c:\source\solution\project\bin\Debug\net5.0\
func azure functionapp publish function-name-dev

Same result. Googling and searching through Stack Overflow didn't help either. After a lot of experimentation, I finally got an error message that pointed me down the correct path, but only when I tried to create a new function app in the same subscription:

The following tenants require Multi-Factor Authentication (MFA). Use 'az login --tenant TENANT_ID' to explicitly login to a tenant.

And that was the solution. My new script, which worked fine, now looks like this:

Import-Module Az
Connect-AzAccount -Tenant 'guid' -SubscriptionId 'guid'
az login --tenant 'guid'
az account set --subscription 'guid'
CD c:\source\solution\project\bin\Debug\net5.0\
func azure functionapp publish function-name-dev

I may refine it further as I may have some redundancies in there. But I have now deployed the function app and tested it, much to my satisfaction.