The post-Snowden era has been a good one for secure email

[Image: Email book cover]

Two years ago a young man left his girlfriend and home with his laptops and a fantastic story that has changed the world and the way we think about our Internet privacy. I am of course talking about the flight and plight of Ed Snowden and his cache of secret documents about the massive NSA surveillance of electronic communications.

Whether you think Snowden is a patriot or a traitor or somewhere in between, it certainly has been an interesting couple of years in the secure email biz. It is a continued series of ironies, starting with the fact that Snowden had trouble convincing his chosen scribes to make use of encrypted email technology. (He isn’t the only one.) While he ultimately was successful in securing his communications with the press, another irony was how things ended up for him: now he is living in Russia, certainly not one of the most privacy-friendly places in the world. It is also ironic that his Russian residency has enabled his new career as a professional speaker, albeit using various remote video technologies since he can’t get on a plane because he doesn’t have a passport. (Part of me is envious of this, having to still give speeches the old-fashioned way by getting on planes. But I am glad that I have my passport.)

But the ironies extend beyond Snowden’s life to more important matters. We have evidence that shows how the NSA abused numerous statutes in what they call “bulk metadata collection” of phone calls and emails. And we all now know what metadata means, and how former NSA director Michael Hayden said last year: “We kill people based on metadata.” Certainly, the Snowden effect is quite real, given the current debates in Congress over reauthorizing various legislative means for them to continue these practices.

And the ultimate irony of them all is another Snowden effect: while the NSA revelations have closed down several secure email providers such as Lavabit and Silent Circle, others have taken their place and encrypted email usage is most likely at an all-time high, thanks to the paranoid and prudent among us.

I have spent a lot of time listening to Snowden’s various public discussions, held at SxSW, with John Oliver for his HBO show, and at a recent conference at Princeton where he exchanged words with a New York Times reporter who broke some of the early stories. And while I am not sure where I stand on the traitor/patriot index, Snowden certainly has a lot of interesting things to say. It is clear that he has spent a good portion of his clandestine career preparing for his media close-ups and photo ops. He also has a lot of time on his hands to keep up with current events.

I think Snowden has done more than just about anyone since Phil Zimmermann (the creator of PGP and now involved with DarkMail) to encourage email encryption usage. When Marshall Rose and I wrote a book about corporate email use back in 1998 (cover reproduced above), we said that secure email was “best described as a sucking chest wound.” For most of the last 17 years, secure email was more a curiosity and almost unknown and unused in corporate America. That changed two years ago, and it is catching on in more places.

It is still too difficult to use, as this story in Ars Technica shows when it takes you through how to deploy it on an individual basis. Maybe not a sucking chest wound, but still more than just a mere blister to be sure.

I am interested in hearing more about your own secure email usage, and it is partly motivated by a review that I am writing for Network World comparing several of the more useful business-oriented tools. Having used some of these products for decades, I welcome your own thoughts and will let you know when the review is published, probably later this summer.

And if you want to re-read a semi-serious blog post that I wrote last year where I thanked the NSA for enabling all sorts of activities, here you go.

Hyper-Converged Storage from DataCore Virtual SAN Software

DataCore’s comprehensive storage services stack has long been known for harnessing ultra-fast processors and RAM caches in x86 servers, for superior performance and enterprise-class availability. It now comes in a compact, hyper-converged package that is ideal for transactional databases and mixed workloads. DataCore Virtual SAN software is available for a free 30-day trial. It runs on any hypervisor and your choice of standard servers.

We tested DataCore Virtual SAN in May 2015.

Pricing:  DataCore-authorized solution providers offer software packages starting under $10,000 for a two-node, high-availability cluster, including annual 24×7 support.
Requirements: Windows Server 2012 R2

For information on DataCore’s SANsymphony-V Software-defined Storage Platform, check out our other video here.

 

When oversharing can cost you your job

We all know that Gen Y is prone to oversharing on social media. A quick search brings up all sorts of interesting situations that weren’t even conceivable just a few years ago and point out the pitfalls of moving things that were previously private communications into the public purview. As a few examples, here is a quick history of oversharing disasters from across the pond.

Then there is this little gem. In 2011, Patrick Snay reached an age-discrimination settlement with his former employer, Gulliver Preparatory School. (He was their former principal.) Attached to the settlement was a confidentiality agreement. However, the school rescinded the $80,000 settlement after Snay’s college-age daughter bragged about the deal to her more than 1,200 Facebook friends. In February, a Florida appellate court sided with the school.

And to top things off, the National Labor Relations Board has sued employers for firing employees who’ve taken to social media to complain about poor working conditions, and has this fact sheet for employers.

Back in the day (say a few years ago), the term we used when someone lost their job over a posting was that they were dooced. The origin comes from a blog that Heather Armstrong started and then lost her job over a post. She is still blogging, although now she is one of the old Wise Ones who can say stuff like this:

“Living online for us means something different than it does for young college kids…. For us it means inviting a virtual audience into our home—our very distinctly messy home that has not been styled for an Instagram photo—and offering them an honest look at our spaces, our relationships, our victories as well as our wounds knowing that in the process of doing so we help each other to feel less alone.”

So can you be dooced if you haven’t even started working at a company? That is the latest in Internet manner issues we address. Last week there was an interesting dust-up when this question was posted on Quora from a newly minted engineer considering two first job offers, one from Uber and another from Zenefits.

The quick summary: basically the engineer listed pros and cons for both companies and asked the Hive Mind what to do. The CEO of Zenefits (which ironically had the lower salary offer) rescinded their offer, so the decision became moot. Then the web weighed in, with various people claiming Zenefits or the poster was acting badly. My reaction is that this will be a case study for future generations, where we can learn several lessons.

First, if you get job offers from more than one company, keep them offline and if you have to seek advice, definitely keep it to a phone call or two to a trusted mentor or advisor. No need to get the entire webverse engaged. This doesn’t have to be a public spectacle. Or really anyone else’s business but your own.

Second, if you are a corporate executive and going to rescind an offer, make it for a better reason than that your feelings were hurt by some post. You don’t want to set an example for future job candidates to avoid even applying to your company. While I doubt in this specific circumstance that either Uber or Zenefits would be adversely hurt – after all, both are up for $50 billion funding rounds – still, you don’t want to become a part of thousands of blog posts, such as this one.

Third, if you are graduating college, it is time to become more professional with using your social media accounts. I wrote about this a long time ago but it deserves repeating: keep politics, sex, and religion out of your posts, remove those party pix with all the red cups, and remember that your friends might not appreciate being tagged in compromising or inebriated conditions.

Finally, if you really want to figure out which startup to work for, take some real advice from this well thought out TechCrunch piece.

The Uber/Zenefits query has so many delicious ironies it is hard to list them all: Uber has been known for acting badly with its employees for its brogramming culture, Armstrong weighing in with the advice of more than a decade as a mommy blogger now going out on her own as a media consultant, or just the notion of how two pre-IPO Silicon Valley titans compete for talent. I’ll let you pick. Just be careful of what you share and where, please.

SearchSecurity: The moving target defense and polymorphic protection

We all know what polymorphic malware is: the ability of malware to adapt to current conditions and evade security software to do its dirty business on a target computer. This type of malware can easily evade signature-based scanners and other standard means of detection since it is always changing the nature of its attack vectors when it executes. But what if we could harness this same behavior and use it for good rather than for evil? That is the idea behind the moving target defense, something that I first saw when I visited Israel earlier this year.

You can read my story about this intriguing defense here.

SearchSecurity.com: Postcards from the New Network Edge

With distributed workforces and mobile technologies, the network perimeter has evolved beyond the physical limits of most corporate campuses. The days when the perimeter was an actual boundary are a fond memory. Back then, firewalls did a decent job of protecting the network from outside threats, and intrusion prevention tools protected against insiders. But over time, the bad guys have gotten better: Spear phishing has made it easier to infiltrate malware, and poor password controls have made it easier to exfiltrate data. This means that the insiders are getting harder to detect, and IT assets are getting more distributed and harder to defend.

You can read my story in SearchSecurity here about four strategies for defending the new network edge. Or watch my video slideshow where I cover some additional points.

ITWorld: These organizations will train, mentor and help you find your next job for free

Tech is back in demand and at a height not seen since the dot-com bubble burst at the beginning of the millennium. The IT sector has about half a million unfilled job openings across the country, accounting for about 12% of all open positions. I talk about several organizations around the country that can help fill these positions, by helping to train, mentor and place tech talent. These include LaunchCode in St. Louis (where I am doing some consulting), Code Oregon which is a partnership between Worksystems and Treehouse, one of the nation’s leading online interactive education platforms. There is also Code Louisville in Kentucky and Grand Circus in Detroit.

You can read my post in ITWorld today here.

Network World: Five cloud costing tools reviewed

Certainly, using a cloud provider can be cheaper than purchasing your own hardware, or instrumental in moving a capital expense into an operating one. And there are impressive multi-core hyperscale servers that are now available to anyone for a reasonable monthly fee. But while it is great that cloud providers base their fees on what resources you actually consume, the various elements of your bill are daunting and complex, to say the least.

Separating pricing fact from fiction isn’t easy. For this article, we looked at five shopping comparison services, including Cloudorado, CloudHarmony’s CloudSquare, CloudSpectator, Datapipe and RightScale’s PlanForCloud.com. Some of them cover a lot of providers, some only focus on a few.

You can read the full review in Network World today here.

Box turns the API world inside-out

You might not have seen the news last week from Box, the online storage service. There are two items. First is about Box’s new developer edition, announced at its annual conference. What is significant is that this is the first time, to my knowledge, that a software developer has made it easier to embed its app inside other apps. Let’s see what they did and why it is important.

Many software vendors have spent time developing application programming interfaces or APIs that make it easier for third parties to have access to their apps or data that they collect. These days it is hard to find a vendor that doesn’t offer an API, and Box has done a terrific job with its own APIs to be sure. They have created a developer community of tens of thousands of people who write programs using them.

These programs make it easy to fax a document from within Box via an Internet faxing service, add digital signatures inside a document, make small changes to a document, and so forth. The idea is to manipulate a document that is inside the Box cloud storage system, so that their cloud can become more valuable than the dozens or hundreds of other cloud-based storage providers that are available. Without access to its APIs, a third party has to first move the document out of Box, make these changes, and then move it back to its repository. That takes time and uses computer resources.

But the developer edition turns this notion on its head, or should I say goes inside the Box. What they are trying to do now is allow apps to use a set of Box features, but doing so inside your own app. Instead of accessing APIs so you can manipulate particular documents, you can make use of Box’s security routines, or storage routines, or other basic functionality, so that you don’t need to invent this functionality from scratch for your own particular app. What are some of the features that are offered? According to the announcement, these include: “full text search, content encryption, advanced permissions, secure collaboration, and compliance.” That is a lot of stuff that an independent software developer doesn’t have to mess with, which means that new apps could be written more quickly.

On top of the developer edition, Box also announced its own JavaScript libraries that anyone can use to get started on coding some of these features, called T3. They had posted a few snippets of code on this website showing you how you can construct a Todo list. While JS frameworks are numerous, this one might be interesting, particularly in light of the developer announcement.

Certainly, online storage is undergoing its own evolutionary moment. Google is now charging a penny a GB per month for near-line storage, promising to retrieve your files in seconds. Of course, they and other cloud providers are (so far) just a repository, and that is the line in the cloud that Box is trying to draw with these announcements.

If it all works out, we’ll see Box become the center of a new universe of apps that can take collaboration to the next level, because the folks at Box have already built a collaboration environment that they use for their own customers. It is gutsy, because a Box-like competitor could make use of these features and out-Box Box (which is one reason that Box will control who has access to its tools for now).

It could backfire: developers are a funny bunch, and many of them like reusing someone else’s code but maybe not to the level that Box requires. It certainly is a different model, and one that will take some getting used to. But the proof is in the pudding, and we’ll see in the coming months if anyone’s code turns out to be noteworthy.

Car sharing comes of age

Who knew that I could become so trendy when it comes to cars? Research has shown that more teens are postponing getting their driver’s license and in some cases forgoing buying a car. For many when they turn 16 it isn’t the driver’s test, but the application to get their own Uber account, that signals their newfound independence.

I have a mostly hate affair when it comes to cars. I bought my first car at age 30 when I moved to LA and couldn’t get around without one there. Now that I live in St. Louis, my wife and I share one.

Since my office is literally across the street from my home, I generally don’t need a car for most workdays: I bike or take transit to meetings, or share a ride with a generous co-worker when a meeting is held out in the suburbs. And when I need to get to the airport, we have decent light rail stops near my house and at the terminal to make it very convenient.

When my daughter lived in Denver, she showed me how easy it was to use Car2Go, a service that she made good use of since she didn’t own a car. So I signed up with the service just to see what was involved, even though it isn’t offered in my city. Last week I also got my membership in a car share program that I can actually use with a shared vehicle just down the street from my home and office.  That is one of the issues of car sharing services: they have to be nearby when you need them, otherwise you won’t use them.

Now that my daughter lives in Israel, cars are uber-expensive, and she is making do with renting a car and taking transit. But mostly she walks. She has yet to own her own car, and is part of a large and growing cohort. There are many 20-somethings whom I know that are car-free by choice, whatever the reason.

What is even more remarkable about this trendlet is how it has attracted a strange collection of bedfellows. Back when I was in grad school, I don’t think I ever would have thought it possible that Bill Ford would give a keynote at Mobile World Congress in 2012 that supported this sharing-centric economy and rebrand his grandfather’s car company as a mobility provider.

Having spent some time with Mr. Ford, I believe his views aren’t posturing, and he really believes that the days of one person/one vehicle are coming to a close.

Since he gave that speech, the sharing-centric economy has taken off. You can now share cars (Uber and Lyft), share your spare room (AirBnB) or just your sofa (CouchSurfing) and share your desk at the growing number of co-working spaces everywhere. But when you combine these sharing technologies with mobile and cloud you have more than just a trend, you have a real movement, as Arlo once sang about. And this movement is all about making it easier for more people to work from home or their local coffee shop, to easily share documents without having an IT-owned resource in between, and to do a lot more work from their non-PC devices such as tablets than ever before.

When I think about what has changed from when I first entered the workforce back in the 1970s, it is pretty remarkable. Having someone work from home even one day a week was a major ordeal back then and thought more elitist than acceptable. Clouds were things that produced rain and shade, and sharing wasn’t caring. Although back then as now, you could easily carpool across the Oakland Bay Bridge every morning if you knew where to stand. Now we routinely pay $13 or more for a round trip on some NYC bridges and tunnels.

While I doubt that the teen driver license acquisition ritual will become extinct, it is nice to see more teens opting out and sharing their rides. Of course, a remake of “American Graffiti” where Curt and Steve are cruising the strip in the back of their Ubers and the Wolfman has his own Spotify channel might not quite become the cult classic of the original, but then few remakes ever do.