Not a professional but I play one on TV. #privacy #infosec #random #fun
9289 words

The Dissident

I have a massive headache today so I am going to keep it short.  There is a new documentary out called "The Dissident".  It is about the murder of Jamal Khasoggi.  I have not watched it yet but plan to watch it tonight or tomorrow.  Especially since many of the streaming services were afraid to carry it because they didn't want to anger the government of Saudi Arabia. So much for having values.  The trailer can be found here.


Vaccine Idiocracy

All in all the vaccine program in the US has been a total disaster.  It's hard to believe that we are the richest country on earth and still cannot get this right.  Anything of this magnitude is going to have problems, but many of our problems here are related to incompetence and cronyism.

For example, states are asking people to sign up on websites.  For those of us who are tech savvy that is great.  However, many of the targeted population is senior citizens.  Many of whom have no idea how to use the internet or are not very savvy.  It is hard to believe that no one saw this coming.  The situation is so bad that there are people creating facebook groups to organize training for seniors.  This also presumes that people have access to the internet.  In this day and age having no internet connection may seem weird, but it is a reality.

The states need better outreach programs to sign up and inform people and they need to do it without requiring an internet connection


Usability and Security

It's Saturday night so I will keep it brief.  When designing software it is important to consider both usability and security.  Without one the other becomes useless.


The New Facebook Ad

As some of you may know Facebook and Apple have been duking it out over Apple's new privacy nutrition labels.  Apple will also be disabling the an advertising identifier by default.  Prior to this you have had to opt out of the tracking, now you will have to opt in to tracking.  This is causing further fits at Facebook.  In response they have created a new ad campaign.  The first commercial dropped today and it is terrible!  See for yourself here.  

This commercial is too long, doesn't get to the point and the music is terrible.  It reeks of a desperate move by Facebook that is not very well thought.  The production values are high but the content is crap.  Which is ironically analogous to Facebook in general.


Are Security Keys Viable?

Those of you who are nuts about security have probably heard about security keys.  The little button, nub, or USB stick that you touch to help authenticate to some various accounts.  These are the most secure way to use 2 factor authentication on your various accounts.  The problem is that only a handful of sites support them.  Google, Facebook, Instagram, Dropbox and Slack are all onboard.  Unfortunately, many others are not.  Many major banks still have yet to support them and quite a few other other sites that offer other 2fa options like OTP or SMS still do not support security keys.  

Without a doubt security keys are the best solution.  The problem here is adoption.  Consumers need to purchase them.  Techies like me do, non-technical people like my partner do not.  Until we can find a way to get them in the hands of every consumer, I think that security keys are not a viable second factor authentication for the masses.


What is Clubhouse?

I've been trying to wrap my head around the concept of Clubhouse.  It is an audio only social media app that creates virtual rooms for hosted audio discussions.  Everything you always hated about conference calls in a new, fresh app.  I get that they want to personalize the social media concept and make it more...ummm...human.  However, I think this will end up being seen as the worst idea since Greedo shooting first.  Realtime audio discussions are not made for massive audiences.  Ask anyone who has been on a zoom call with more than a few users.  Someone always forgets to unmute or accidentally keeps themself muted.  How many people fighting, having sex or just being generally terrible are we going to end up hearing by accident?  Time will tell....


Always On Culture

Our always on culture is becoming detrimental to people's mental and physical health.  It seems like these days there are 72 different ways to communicate and we have to check all of them.  Constants beeps, rings, notifications etc plague us 24 hours a day.  The need to check our facebook or instagram or snapchat or whatever the app de jour is also contributes to this.  In effect, we always have to be "on" ready to respond to messages, comment on someones post or up on the latest series on netflix.

Since the early 2000's we have been barreling down the tracks of always being connected.  Once myspace came along it was all downhill.  Now it is at the point where people get offended if you don't "like" their posts within a certain timeframe.  It's also hard to hide these days due to the myriad of ways our locations are tracked.  Many people setup family sharing groups for their phones and it is even now built into cars.  24x7 always on, no escape.  

This lack of downtime for our brains is not healthy.  Our brains are working overtime to process all of these communications and trying to prioritize (not to mention on endorphin hit we get from "likes".  This leads to sleep deprivation, fomo about what is going on RIGHT NOW, and even feelings of inadequacy.  Teenagers are the most susceptible to this though this affects people from all walks of life.  I miss being able to hide out in my room playing records without a care in the world.

The ironic part is that we are more connected than ever, yet more isolated and alone than ever.


What is with all the surveys?

It seems like everywhere you turn someone is asking you to provide a review or take a satisfaction survey.  This is annoying.  I recently brought my car in for service and received no less than 3 text messages asking me to take their satisfaction survey and be sure to let them know if I wasn't going to rate them 5 stars.  Basically this tactic tries to juice their rating by making you feel bad about giving anything less.

This is the problem with reviews and surveys, in that it creates a perverse incentive for people to try to influence the result.  Some of this is good because it holds people to account but it also leads to people trying to game the system.  This over-reliance on raw numbers causes undo burden on both the provider and the consumer.  It leads to this cajoling for positive reviews rather than honest feedback.  

This happens for customer service phone calls, Amazon, car dealers, and many other places.  It seems like everywhere we go these days everything is being measured, with the cost being your time to fill out some survey that people will only passively read.

There has to be a better, less invasive way to gather customer feedback without constantly nagging them for positive reviews.  I don't have an answer at this point but boy is it frustrating.


The Recent Lastpass Brewhaha

For those of you who have been cruising Reddit lately you may have noticed a ton of hate for Lastpass.  This is one of the most silly controversies to come up lately but bears to reflection about customer service.  Lastpass announced last week that they would be severely limiting their free tier users to one class of device.  You can choose desktops/laptops or mobile devices but not both. So in order to sync you passwords with across device types you now need to pay for a subscription. This caused quite a few people to flee to other password managers with more robust free plans.  It seems like the largest number of people defected to Bitwarden.  Bitwarden has a very usable free tier that allows use on desktop/laptops and mobile devices, albeit with slightly limited functionality. It also has better pricing for its premium plan which only costs 10 dollars year.

On it's face this seems like a good business move by the bean counters at Lastpass.  However, it was a terrible decision.  While they are obviously pushing free users towards a paid tier of service or off their platform it ha served to piss off a bunch of users.  Those same users are taking this as a slight and now signing up with other services on their premium tiers.  Now not only has Lastpass lost user trust but they pushed potential customers to other paid services.  Yet another case of short term gain that will likely result in long term pain.  Especially since their platform has been rotting for several years already.



Anyone who hasn't watched the show Upload on Amazon Prime should check it out.  People have been telling me to watch it for months and I just started it tonight.  I'm sorry I didn't start it earlier.  It is a really good statement about where reality is heading with coupled with some lighthearted moments.  It really makes you think about how our techno obsessed, subscription based lives can go too far.  It reminds me of a lighter hearted version of a Black Mirror episode.  Definitely check it out.


Hollywood's Hypocrisy pt. 2

Here is another example of Hollywood hypocrisy.  Whenever there is a disaster all the stars come together in some type of half assed benefit song or movement.  One of the most recent examples is the video of a bunch of them singing Imagine.  I get it, they want to start a movement but in reality it is self serving virtue signaling.  Kind of like "Hey look at me, I'm relevant" 

My other peeve is how Hollywooders preach inclusivity but practice exclusivity. Everything is about people's weight, what they have, how they look.  Are they on the A list, B list, no list?  Exclusive parties where many treat their staff like crap.  These are the same people who want to preach to us that we should live simple, be accepting, and treat each other well.  While I don't disagree with those sentiments, I certainly don't need to be preached to about it by people who do not practice what they preach.


Hollywood's Hypocrisy pt. 1

I am relatively left leaning person.  Registered Democrat my entire life, with some centrist views as well.  I am most definitely not a fan of Donald Trump, Ted Cruz and the like.  Not a day went by over the lat four years that we didn't hear the stance of some Hollywood star about how awful the Trump, Cruz or other Republicans were for <insert issue here>.  For the most part I agreed with them but at the same time many of these people are complete hypocrites.  They espose liberal values then act in the most entitled and awful manner. 

Lets face it many of the big Hollywood power players are high on their own supply and think they are gods.  It's not just the actors I'm talking about, it's also the directors, producers and studio owners.  Lets remember that many of these are the same people who use "Hollywood Accounting" to fuckover unwitting actors, actresses and crew.  For those who aren't familiar with it, Hollywood accounting lets studios play numbers games so that it looks like no profit was ever made from a movie.  With this accounting method, technically Return of the Jedi has not turned a profit.  Worse yet the actual actor for Darth Vader never made a dime because he agreed to Net Points.  This article sums it up.  This practice is used on pretty much every movie that Hollywood makes.  It's essentially screws people too poor to fight and gives out a token to those who do.  Many of the people employing this practice are the same people decrying poverty and income inequality in this country.

More on this tomorrow..


For the love of God use a password manager!

Yes, please please please use a password manager.  Passwords are the key to our digital life and we are crappy at managing them ourselves.  Many people just resort to using either easily guessed passwords or the same password for every site (sometimes both).  This is a dangerous combination.  Easily guessed or cracked passwords are a no brainer.  However, even using the same complex password on every site, app, etc puts people at risk of credential stuffing.  Basically what happens is that when one site gets breached attackers will then try the passwords found there on tons of other sites.  Example, you sign up for website x, website x gets breached and your password and username are exposed.  People then take that data and try it on other sites like Amazon, Facebook, etc, etc.  If you had the same username and password for all of them, boom, they own your digital life.

Password managers help you avoid this by facilitating the creation and management of different passwords for each site or app you use.  Given the number of websites and apps we use, it would be near impossible to remember them all.  A good password manager will allow you to create complex passwords and even in some cases associated OTP tokens.  This allows you to create better bulkheads between your accounts.  This way if your password to youporn gets exposed it doesn't affect your Amazon or Instagram account.  

Most password managers are quite easy to use now with chrome extensions, web apps, and mobile apps.  Just make sure you pick one that has been independently reviewed and validated.  Some good ones are:

  • 1password
  • Bitwarden
  • Lastpass
  • Dashlane
  • Remembear
  • KeepassX
  • Truekey
  • and a bunch more ..

My two favorites are 1password and Bitwarden. 

I could further extol the virtues of using a password manager but at this point it would be repetitive.  So, For the love of God use a password manager!


umm....Parler is back.

Yeah it happened.  Parler is back online.  Albeit with a new CEO.  I have to give them credit for getting back on-line but geez they are coming back to a changed world.  Over a month ago it was found that so much data was exposed through their allegedly lax security practices that the media was able to make a timeline of events at the capital from it. 

My hope is that the new CEO will bring some sense of sanity to the site but I am not holding my breath.  Mark Meckler founded the Tea Party movement and CSG.  The sad part of all of this is that the site will likely thrive and only get worse than it was.  I feel like many of the people on it are going to feel emboldened will only be more vitriolic.

One can only wonder at this point but if history is our guide, bad things are afoot...


Does Silicon Valley Operate Like a Cult?

I was recently watching a documentary show about NXIVM, ya know, the creepy combination MLM business and sex cult.  While watching it I started thinking that some of the behavior and tactics of members and leaders reminds me of many Silicon Valley companies.  

As the typical cult story goes, a revered leader knows "the way" and starts building a following.  Along the way the leader picks up a number of dedicated followers who follow them with almost unquesitoning loyalty.  Inside the cult the leader is revered as a god like figure.  Their transgressions are overlooked and rationalized, in some cases for many years.  It all eventually comes to a head, unravels, and ends in tears.  This has been the story of many cults, NXIVM, The Branch Davidians, Heavens Gate, The Manson Family, The People's Temple (aka Jonestown).  While these cults were all different in their beliefs and motivation they all ended badly.

Now think about Silicon Valley.  A new tech leader or founder knows "the way" and starts building a company.  Along the way the person picks up a number of employees who follow them with almost unquestioning loyalty. Inside the company the person is revered as an almost god like figure.  Their transgressions are overlooked and rationalized, in some cases for many years.  It all eventually comes to a head, unravels, and ends in tears.  Some examples here are WeWork, Uber, Secret, Zenefits and most famously, Theranos.  There are several more that arguably have not fully imploded yet including Facebook and Apple.  The one key factor in all of these companies is they had a very influential leader who enjoyed a form of immunity from criticism or questioning of their behaviors.  

The employees in these companies (especially the early ones) learn to adopt the <insert company> lifestyle, slogans and weekly rituals.  The great majority of them view the leader as a being of pure light who can do no wrong and has all the answers.  Everyone swoons when the leader is around and treats every single word out of their mouth like they were just handed the ten commandments by god.  Even when these words are in conflict with peoples feelings of right and wrong.  This affords the leaders of these companies great power over their minions and an unlimited budget to do whatever they want.  After all, they are now a god and don't have to answer to mere mortals.  That is until it all comes crashing down.

It is now so common that people rarely bat an eye when they hear that tech company X crashed.  Usually because the leader was an asshole who was doing terrible things and was enabled by their tribe of sycophants.  In many cases, the companies have not crashed (yet) but show the same cult like indicators.  Steve Jobs was famously one of the most awful people but Apple employees revered him.  Mark Zuckerberg is...well...Mark Zuckerberg.  Silicon Valley is rife with examples.

Keep this in mind if you are looking for a job in tech.  The point of a job is to support yourself and your family.  Work hard and earn your pay but don't ever believe that the leader of your company is above reproach.  The more perfect they appear the more likely it is they are the exact opposite.