Facebook Ad’s Massive Design Bug

In mid-September ProPublica published an article proving Facebook’s advertising system helped them market to people who expressed interest in radical and racial topics:

“Want to market Nazi memorabilia, or recruit marchers for a far-right rally? Facebook’s self-service ad-buying platform had the right audience for you.

Until this week, when we asked Facebook about it, the world’s largest social network enabled advertisers to direct their pitches to the news feeds of almost 2,300 people who expressed interest in the topics of “Jew hater,” “How to burn jews,” or, “History of ‘why jews ruin the world.’”

Published September 14th, 2017

Turns out it was technically possible to use Facebook ads to target users claiming to be anti-semitic. This same system could perhaps be used by Russians to target American Voters but that’s a whole other thing. Facebook’s ad system allows advertisers to type categories of users they’d like to target into an input field, and then an automated matching system will check those user-supplied categories (full or partial) against ones Facebook already had like this:

Aside from the moral and ethical problems of targeting users and groups this way, from a software perspective we might classify this as a design bug. Unlike a coding bug where the program behaves in a way the programmer didn’t intend, a design bug is when the program behaves in a way the programmer did intend but stakeholders don’t like it. In this example Facebook’s ad system was behaving as it was programmed but in a way that was HIGHLY questionable to many stakeholders like advertisers, advertisees, journalists and now federal authorities.

Design Bugs

Design bugs are some of the most common types of bugs developers (testers) find. They are often caught by questioning the system, approach, design, requirements, et al. in a holistic way. In cross-functional and agile teams I’ve found this is easier because you can take a step back to look at the bigger picture with many of the original decision makers. Going through the implications of those decisions as a mental exercise will often expose a bug or two that can then be addressed in the near future.

To help in questioning design bugs, try to:

  • Find a set of scenarios or circumstances that showcase your concerns
  • Make those concerns as costly or annoying as possible
  • Find places outside of the program where users will be impacted

For those familiar with the RIMGEN bug reporting mnemonic, you might notice some similarities, although with a different emphasis.

We (all software developers) introduce design bugs all of the time with the justification that it “works as designed”. Most times the design of a system isn’t so damaging. Sometimes it is, incredibly so. This lesson seems worth keeping in mind.

Other Things:

  • You can see Facebook’s response here.
  • Benedict Evans suggested this was more of an exploit and programmers (I say all software developers) should consider what happens when users are evil. This is probably a valuable approach. I often take the approach of “anything you allow me to do I will do”. In other words, give me enough room to hang myself and I will.

A RubyGems SSL certificate solution

The Problem

Early last month I was trying to update some gems on my MBP and ran into an SSL error:

ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

In typical fashion I ignored the error and tried updating RubyGems (the package manager). That failed with the same SSL message. Additionally we run our automated tests as part of our continuous build process (which also uses RubyGems) and eventually this SSL problem resulted in TeamCity build errors:

rubygems-ssl-error

Upon further debugging I found an error similar to the above error:

ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
[22:36:17][Step 1/3] Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
[22:36:17][Step 1/3] Process exited with code 2

Apparently RubyGems updated their SSL certificates which broke any and all gem updates from then on out. Luckily I found a thread (someone filed a bug) on RubyGems’ GitHub repo.

The Solution

The solution, however, was a bit different for Windows (TeamCity) and MacOS (MBP). On my Mac I was able to use RVM to update the SSL certs using these commands (line 1 & 3):

Apparently on Windows you can’t just update the SSL certs; instead I had to re-install RubyGems. Simply re-download the latest version of RubyGems, go into the folder (for me it was installed at C:\RubyGems-2.6.3) and then run ‘setup.rb’. That was it!
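The failure mode behind “certificate verify failed”, as an added example (not code from this post or from RubyGems): it assumes the usual cause, that the server’s new certificate chains to a root missing from the client’s trusted set. All certificates are constructed, including the stand-in for api.rubygems.org, so it runs offline.

```ruby
require "openssl"

# Build a certificate. With no issuer given it is self-signed (a root CA).
# Every name and key here is constructed for the example.
def make_cert(cn, serial, issuer = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer || cert
  constraint = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Verify `leaf` against a store holding only `roots`, which is the check a
# TLS client runs during the handshake. Returns [ok, error_code, error_text].
def verify_against(roots, leaf)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  ok = store.verify(leaf)
  [ok, store.error, store.error_string]
end

# Stale bundle (old root only) versus refreshed bundle (old + new root).
def demo
  old_root, = make_cert("Constructed Old Bundled Root", 1)
  new_root, new_key = make_cert("Constructed New Server Root", 2)
  server_cert, = make_cert("api.rubygems.org", 3, new_root, new_key)
  {
    stale_bundle:   verify_against([old_root], server_cert),
    updated_bundle: verify_against([old_root, new_root], server_cert)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |name, (ok, code, text)|
    puts "#{name}: ok=#{ok} code=#{code} (#{text})"
  end
end
```

Both fixes in the post correspond to the second case: the trusted set is refreshed while certificate verification stays switched on.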

I can understand the need to upgrade SSL certificates; it’s just a pain. Hopefully this makes it easier for others.

Selenium-WebDriver 2.53.x not working with Firefox 47 and beyond

The problem

I’m used to running selenium tests against Firefox locally (OS X Yosemite and now MacOS Sierra) both from the command line using RSpec and when using a REPL like IRB or Pry. I don’t use FF often so when I started having issues I couldn’t remember how long it had been since things were working. The problem was pretty obvious. The browser would launch, wouldn’t accept any commands or respond to Selenium and then error out with the message:

Selenium::WebDriver::Error::WebDriverError: unable to obtain stable firefox connection in 60 seconds (127.0.0.1:7055)
from /usr/local/rvm/gems/ruby-2.1.2/gems/selenium-webdriver-2.53.0/lib/selenium/webdriver/firefox/launcher.rb:90:in `connect_until_stable'

This occurred for Selenium-WebDriver versions 2.53.0 and 2.53.4. It also seemed to occur for Firefox versions 47, 48, and 49.

The solution

Downgrade to Firefox 45.0 Extended Service Release (ESR).

I’m not the first one to post about the upcoming changes and lack of support for Firefox 47+. I probably deserve the error message for not paying more attention to the upcoming changes and will certainly look forward to implementing the new MarionetteDriver.

Recognizing a problem in eBay’s iPad app

I’ve been buying and selling things on eBay for more than a decade. Naturally in the last few years I’ve spent more time on the iPhone app but for some reason I wasn’t using the iPad app. I figured it was time, so I installed the eBay app, logged into my account and went to the selling page to view my active auctions. The photo below is what I saw:

eBay iPad

Immediately I recognized a problem.

Do you see it?

On this selling page there is nothing to tell me how many bids each auction item has, assuming they have any, or if any auction will be sold. Another way to look at it: I can’t tell which auction items are going to make me money!

Confusing matters is the use of black and red colors for the current prices. Does red mean the item won’t sell? Does black mean it will? No, that doesn’t appear to be the logic. Only two of my items have bids – the third item (shown in black) and the last auction item (also shown in black). So why do the non-selling items have colors of red and black? Like I said, confusing.

Identifying problems like this can seem obvious when you have sufficient experience with a product (or someone explains it) but even without help there are ways to identify and evaluate problems such as this. All we have to do is find an oracle (a way to recognize a problem) and do some testing (perform an investigation). When reporting and evaluating problems like this I like to use the collection of consistency oracles by James Bach and Michael Bolton. You should be able to follow along fine with the rest of this essay if you’ve never seen the list but it’s worth a read.

After evaluating the list of oracles I want to call attention to the ones I think help highlight the problems with the iPad app. The order below is based on my observations of the problem as I came across them. It just happens the evidence becomes stronger and more convincing as we work through the list.

  1. Inconsistent with user’s desires
  2. Inconsistent with purpose
  3. Inconsistent within product

Inconsistent with user’s desires

I think it’s reasonable to expect eBay sellers with current listings will want to know how many of those listings have bids and if they’ve met the minimum criteria for completing the sale including reserve amounts, number of bids, etc. In fact I’d bet that’s one of the most important pieces of information they’d want to see because it’s what I wanted to see.

Wait a minute, can’t a user click on every single auction item and view more details? Yes. Assuming the user is like me and only selling a few items it’s probably a fine work-around. However, what if you’ve listed a hundred or a thousand items like eBay PowerSellers and businesses do? Do you think it’s reasonable to expect them to click on every single auction? I don’t; it defeats the purpose of the selling view.

User desires can be a hard argument to make on its own. Unless we knew eBay valued this as a high-risk area or we found it affected a large number of users, we probably need to do more research to back up our argument.

Inconsistent with purpose

I think the explicit purpose of the selling page is to help eBay sellers monitor auction items and complete sales. In fact this is what I use it for. Typically with auction durations of more than one day I will glance at each listing once per day by going to the selling page (pictured above). When the auction duration gets to be under 24 hours I will visit the page far more frequently.

Additionally by using different colors for the price of an auction that will sell vs. one that won’t, eBay can quickly identify the status of each listing item. For example if green meant an auction would sell and red meant it wouldn’t, I could easily scan through my selling page and implicitly understand how things were going. From there I could make adjustments if needed.

Since the iPad app shows the same color for auctions that will and won’t sell and because I can’t monitor my auction sales at a distance I think the sellers page is inconsistent with its purpose. Given my experience with the eBay product as a whole I also know it’s inconsistent with the larger eBay product.

So far we’ve covered two inconsistencies, two ways we can identify the problems I came across. In both I’m arguing, based on my experience, I understand what a user wants (as a user myself) and I understand the purpose of the product. If both of these inconsistencies sound similar that’s ok because in this case they happen to. They won’t always.

Other than my experience I don’t have much data to back up our argument. I could do more research on the product, look for claims, marketing materials, and interviews with experts that would add more evidence to our argument but let’s focus on the last inconsistency.

Inconsistent within product

As I mentioned before I’m a long time eBay user through eBay.com and the iPhone app. Though eBay.com and mobile apps may seem like separate products they are in fact different ways of gaining access (think distribution channel) to the same product, the eBay platform. This means we can look to those channels when thinking about product consistency.

In my mind, even though the iPad app fails to fulfill its users’ desires and purpose it is most obviously inconsistent with other aspects of the eBay product. Here’s the same seller’s view on the eBay iPhone app:

eBay iPhone seller view 1

eBay iPhone seller view 2

Observe any differences?

The iPhone version shows a similar layout but with a few important differences:

  1. The iPhone app lists the number of bids on each listing right away. I don’t have to go to any other detailed view to get this information (also re-affirms its importance).
  2. The current price is color coded in a way that fits with our normal assumptions – green means a listing is going to sell and red means it won’t. This makes it far easier for us to monitor our current auctions at a glance and it fulfills its purpose better than the iPad app.

If we were to compare either mobile app to eBay.com, we’d see the sellers page is only consistent with the iPhone app. This is the strongest evidence we’ve found that points to problems with the iPad app. It’s a far more credible argument than the others because it seems likely eBay would want its iPad channel consistent with its others (eBay.com and iPhone app). Without doing much additional research we’ve found a way to explain to eBay stakeholders that these problems exist and are bad.

Closing Thoughts

Usually I report problems so they get fixed. Yet identifying, evaluating and then describing a problem in such a way it convinces someone else of its importance isn’t as simple as you might initially think. If I did this well I’ve convinced you, the reader, there’s a problem with the selling page of the iPad app.

Now all I have to do is file the bug with eBay and delete my eBay iPad app. Why delete the app? Well I’ve been trying to sell things on eBay for the past month and given its problems there’s very little value in me using it.

How not to welcome a new customer

Way back in October of 2008 when I launched My Technology Fetish I intended to use WordPress as the blogging platform while using the Mac Mini I owned as the server. It didn’t take long to realize I didn’t know what I was doing (or how to install mySQL navigating a Linux command line in OS X) and I bailed out by setting up with Blogger.

Blogger is a fine blogging platform. It’s free and effortless to set up. Yet it’s not very customizable, has no developer community building cool gizmos, gadgets or templates and I get bored with bad designs rather quickly. If you’ve paid attention over the years this site has gone through a lot of changes. At some point in the future I will migrate this site from Blogger to WordPress but in the meantime I’ll start with Chris Kenst.com and later merge in Search N Recovery.

I decided to find a web hosting company that specializes in WordPress hosting and at the recommendation of a friend chose iPage. (Matt you owe me lunch once you get that Affiliate credit!) iPage offers unlimited domain hosting, unlimited disk space, unlimited bandwidth, etc. and the service was promotionally cheap. What could go wrong you say?

After signing up I chose to pay for 3 years of service (the promotion pricing was tied to pre-payment) using PayPal. Upon paying I get an error saying “something failed” while trying to process my PayPal payment. I love helpful error messages. So I try again. This time the payment process appears to be successful but I don’t get a welcome or thank you or confirmation page, instead iPage throws a 500 error. Welcome new paying customer! (Is the sarcasm coming through?) I had to log into PayPal to verify the money was deducted before I knew my sign up was complete.

A few minutes later I got an email with log-in information and an order confirmation. The amount listed on the order was incorrect (the PayPal invoice was correct) because it showed the rate of the plan I selected but not the extra feature which had a small additional cost. Great… Well at least my account was now ready, right? Wrong. When I tried using the log-in information from the email to access my account I got log-in errors. Seeing no directions in the email I turned to iPage’s online chat where the agent instructed me to wait 10 minutes. Once 10 minutes passed I was in.

Simple right?

I’m a software tester and I get it – things break. Any company should be concerned when a string of problems all related to new customer acquisition are this severe. It’s as if iPage was telling me they really didn’t want my business so much they tried getting rid of me at several points along the way. I kept thinking this was a great example of how NOT to welcome a new web hosting customer.

Windows Time Sync error: 0x800705B4

When trying to display the time difference between a local computer and another time source using the Windows Time Sync command w32tm /stripchart /computer:targetcomputer /samples:number /dataonly, you may see the response “timestamp, error: 0x800705B4”. This just means the local machine’s time source isn’t available.

To fix this error you need to set the client machine to use an external time source like another server. In order to do that the other server must be set up as an Authoritative Time Server. Then configure a manual time source using w32tm /config /manualpeerlist:targetcomputer /syncfromflags:manual /update.

When running the manual time source command on a Windows 2008 R2 SP1 machine I got a different error “The service has not been started. 0x80070426”. To fix this problem go to services.msc, find Windows Time and start it. When you rerun the command all will be well.
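A small triage helper for the two error codes above, as an added example that is not part of the original post: it scans captured w32tm output for sample offsets and HRESULT codes and maps the two codes to the fixes this post gives. The sample output is constructed, and its exact line layout is an assumption.

```ruby
# Fixes as described in this post for the two codes it covers.
FIXES = {
  0x800705B4 => "time source unavailable: set a manual peer with " \
                "w32tm /config /manualpeerlist:... /syncfromflags:manual /update",
  0x80070426 => "Windows Time service not started: start it in services.msc " \
                "and rerun the command"
}.freeze

# "hh:mm:ss, +ss.sssssss s" data lines (layout assumed for /dataonly output).
SAMPLE_RE  = /^\s*\d{1,2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s\s*$/
HRESULT_RE = /0x[0-9A-Fa-f]{8}/

# Summarise w32tm output: good samples, worst offset, error codes, next steps.
def triage_w32tm(output)
  offsets = []
  errors  = Hash.new(0)
  output.each_line do |line|
    offsets << Regexp.last_match(1).to_f if line =~ SAMPLE_RE
    line.scan(HRESULT_RE) { |code| errors[code.hex] += 1 }
  end
  {
    good_samples:   offsets.size,
    max_abs_offset: offsets.map(&:abs).max, # nil when no sample succeeded
    errors:         errors,
    actions:        errors.keys.map do |code|
      FIXES.fetch(code, format("unrecognised code 0x%08X", code))
    end
  }
end

# Constructed sample output (not captured from a real machine).
STRIPCHART_SAMPLE = <<~OUT
  Tracking targetcomputer [192.0.2.10:123].
  Collecting 4 samples.
  10:15:00, error: 0x800705B4
  10:15:02, +00.0412345s
  10:15:04, -00.1200000s
  10:15:06, error: 0x800705B4
OUT
CONFIG_SAMPLE = "The service has not been started. (0x80070426)\n"

if __FILE__ == $PROGRAM_NAME
  [STRIPCHART_SAMPLE, CONFIG_SAMPLE].each { |text| p triage_w32tm(text) }
end
```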

I’m not sure why Windows Time Syncing has to be such an issue without a domain controller setup but it is!

Deleting an EISA Partition

Most consumer computers these days have their drives partitioned: one for primary use and another for restoration. Often this is a partition that you can’t access because it contains restore / backup data. Fortunately for most users new hard drives are large enough that you likely don’t need the space; unless you’re like me and want every bit that you paid for. Worst is if you have an older computer with less space and roughly 10% of your available hard drive space is gone before you begin putting anything of your own on it. Lucky for you I can tell you / show you how to remove it! You can remove the partition if you want more space and have another way to backup / restore your computer. If you don’t, you might want to leave it. It’s also a good idea to do this when you first get your computer because it will require reinstalling your Operating System.

Tools Needed: External USB CD/DVD Drive, Original Operating System Discs (Windows XP or Vista), a pre-Vista Windows Disc like XP or 2000, and a USB Keyboard. (I haven’t tried this with Windows 7).

Note: I did this on my Samsung Q1 and the partition was an EISA partition. You can determine this by going to the start menu > right clicking on Computer > click on Manage > Click on Disk Management under Storage. You will probably have two Discs 0 and 1. The C drive will be installed on Disc1 (which is the second partition) and a blank drive letter for Disc0 (which is the restore partition). An EISA partition is not recognized by Vista and cannot be deleted by Vista, hence the need for XP or 2000 discs! (I’d assume the same problem exists for Windows 7 and/or any OS after Vista.) See the following article by Microsoft:

http://support.microsoft.com/?kbid=242168

First you want to restart your computer and go into the boot settings. You need to change your boot settings to boot to the CD Drive first, instead of the hard drive. When you exit and restart, make sure the pre-Vista Disc (I used a Windows XP bootable disc) is in the drive and boot into the setup.

Next, after the XP setup process (or whatever OS you used) has loaded, it will recognize both the EISA partition and your regular partition. From here you can delete both partitions (by pressing L) which will create one large non-partitioned drive that can then be partitioned into a single NTFS drive. Once the formatting is over Windows will want to start loading files onto the drive; it’s at this point you can basically shut off the computer without any damage.

Now reinstall your operating system of choice and your EISA partition will be there again. Remember, if you are removing a backup partition, to burn the backup or restore discs first. As always questions and comments are appreciated.