My new genAI mini-me: meet Ada

Posted on by
2

I am split on the utility and influence of AI in my work. I read articles such as what David Gewirtz recently posted on ZDnet about ways that AI can save time for small business owners. Kudos to him, and others who have spent a lot of time with AI.

But I wanted to go in another direction, so a year ago I was invited to try out an experiment — why not develop a genAI chatbot that could be trained with my entire published corpus? It is finally ready for initial testing. We call her Ada, named after Ada Lovelace. (And yes, I am using that pronoun. It just feels right.)

I am not a frequent AI consumer, and the reason why is that I have long-ingrained work habits that focus on my human abilities to seek out new information and write compelling content by hand. But what I do lack is a perfect memory of what I have written over the many decades that I have been a professional editor. That memory is limited to what I can dig up on my blog, my hard drive, and my website. Perhaps Ada can make it easier to find this as I begin my research on a new article. And perhaps Ada can help you recall what I wrote decades ago that could be relevant to your particular situation. So began the project,

I was working with a team of developers who have already developed other chatbots with a similar intense vertical knowledge. Ada is based on the Anthropic Claude Sonet LLM, with some custom code. None of the queries that you or I submit are saved once you close the browsing session.

It is a bit eerie and wonderful at the same time. It is like talking to a better version of myself, which I guess is a sign of how successful she is. My queries were answered with things that either I recall saying myself, or sound like something I would say about the topic, and for the most part, were pretty much on target. And, the answers also were documented, with the actual URLs that were posted.

If you ask Ada about my writing style, here is what she says:

## Core Writing Philosophy
You write to make complex technical topics **accessible and understandable**. Your goal is clarity over jargon – you want readers to actually grasp what’s happening in the tech world, not just be impressed by terminology.

## Key Characteristics

**1. Clarity and Directness**
– You cut through marketing hype and get to what matters
– Short, punchy sentences mixed with explanatory ones
– You define technical terms when you use them
– Active voice dominates

**2. Practical, Real-World Focus**
– Heavy use of concrete examples and case studies
– You often test products yourself and report findings
– References to actual companies, incidents, and implementations
– “Here’s what this means for you” orientation

**3. Balanced Skepticism**
– You question vendor claims and industry buzzwords
– Point out both strengths AND weaknesses
– Acknowledge when something is overhyped vs. genuinely useful
– Not cynical, but definitely not a cheerleader

**4. Conversational Expertise**
– Slight conversational tone while maintaining authority
– You use “you” to address readers directly
– Occasional wry observations or dry humor
– Like a knowledgeable colleague explaining something, not lecturing

**5. Structure and Organization**
– Clear headings and bullet points
– Logical flow from problem → explanation → solution/implications
– Often lists or numbered points for clarity
– Strong topic sentences that telegraph what’s coming

**6. Context and Background**
– You don’t assume readers know everything
– Provide relevant history when it illuminates current issues
– Connect dots between different tech developments
– Explain *why* something matters, not just *what* it is

This style has served you well across decades of tech journalism – it respects readers’ intelligence while acknowledging that even smart people need clear explanations of complex topics.

Does that sound like someone you know? Exactly. (I am using a different font here to distinguish her replies.)

Now, why would I want Ada around as an AI mini-me? As I mentioned earlier, one of the first reasons that I was attracted to it was because it did a better job searching my corpus than I could do with the default WordPress (or MacOS) search panels. And it also searches my website content, something that I never got around to properly instrumenting. Granted, much of that content is pretty ancient stuff but does come in handy sometime, like when I was asked to serve as an expert witness because of something I wrote in the mid-1990s. On the internet, your words live nearly forever — at least until my hosting provider decides to delete my stories.

But am I worried that Ada will replace me? After all, instead of having the real human write something, you could just query Ada and get it instantly. No muss, no fuss, and no delay. That’s true. Perhaps Ada will become a low-cost competitor and hollow out my freelance business, (at least more than any genAI tool already has done) but I am betting that you will find the human/AI combo a potent differentiator in the kind of work that I can offer. Like I said, it is an experiment.

Will I charge for using Ada? Eventually. Right now, I am interested in your feedback and whether you think her responses are accurate and appropriate. In my tests she was quite clear on what she knows and what isn’t in her training set. For example, I asked her about different USB standards, something that I have never (at least to my recollection) written about. She replied:

I apologize, but I don’t see comprehensive information about different USB standards and their specific differences in the provided source material. While USB is mentioned briefly in a few contexts (like as a connection option for some home networking equipment), the articles don’t contain detailed technical comparisons of USB standards.

Right on Ada.

Ada is current as of last month. And for a limited time, you can try her out yourself and see what you think.  All you have to do is ask me for the login credentials.If you are interested, drop me an email — or even call me on the phone — and you can test drive her.

Doing public relations in the lower literacy era: Sam Whitmore podcast

Posted on by
Reply

Literary rate is low, pubs still believe in words, and people don’t have the skill or patience or ability to concentrate and to read anymore. I talk with my long-time colleague and friend Sam Whitmore about how he thinks we are in the post-literacy era, (There is this Harvard study.)  I think the ability to analyze trends from the written word vs. a well-placed picture or video demo, what I call visual literacy. This 15-minute conversation talks about this perspective for PR agencies and their clients and how to craft multi-modal pitches in the modern era. We also discuss how AI-generated outage can shape and drive online advertising.

Peter Coffee enters his next career

Posted on by
7

I had a chance to catch up with Peter Coffee, who recently ended his 18 years at Salesforce to focus on philanthropy and pro bono consulting. I first met Peter in the mid-1980s, when he was working for a defense contractor in IT, and I had just left working for an insurance company’s IT department. Both of us were living in LA and both of us were part of the advance guard of installing PCs around our companies. I had taken a job with PC Week, writing my little corporate IT heart out, and I had just hired Peter to be part of a team of product reviewers and in-house analysts.

Back in those days, there were many different PC makers, each running a slightly different collection of hardware and operating system. MS DOS, the Microsoft version, hadn’t yet become a standard, and there were also other operating systems that have since either died (like CP/M)  or have morphed into major big deals (like the early versions that became Linux). Peter recalls one debate that he had in person with Bill Gates in those early years, where he argued that MS DOS might be the technically superior product, but other DOS versions put more tools in the box. Those were the days where you could buttonhole Gates in person.

Before we came to PC Week, Peter and I would examine these products and make recommendations to our corporate user base and management about which ones would become the company standard. Given that both of our companies were huge IBM customers, you might think that IBM had the PC world locked up, but this wasn’t always the case.

Peter and the rest of my team at PC Week Labs were early to do product reviews and write about the issues that we saw in terms of our corporate context. “We created an entire new way of breaking news by doing tech investigations and analysis. We would write short pieces that were published the following week, originating this content from our technical backgrounds,” he said, giving me credit for creating this journalistic model that has since flourished and now seems in decline. We also did numerous stunts, such as testing which network topologies were actually faster (Ethernet) and why early Windows was a bust (it ran on top of DOS rather than replacing it) or about the 386 CPU. They were heady times, to be sure. It was a model that I brought over to Network Computing magazine, which I began in the summer of 1990.

Peter reminded me that many tech pubs — including most of the overseas ones — had a pay to play model, where the writers would offer up glowing reviews of the products of the major advertisers. What we did was having strong opinions and having the technical chops to back them up.

But times have changed. Now everyone is familiar with PCs, and takes them for granted. You don’t need a degree in Computer Science to be able to program, “because computer literacy is more about thinking about a problem than learning how to write code,” as Peter told me. “It is about finding the right tool to do the job, and assembling connections and anticipating the questions and problems that lie in the future. That has changed the whole notion of technical expertise into tying data sources and algorithms and understanding what the ultimate user wants to know.”

Several years ago, Peter and his wife started a non-profit foundation that will occupy their full-time attention. The foundation will focus on funding local efforts to improve climate, STEM education and other matters. His goal is to bootstrap these efforts into a better position to obtain national or international support. He said, “These are problems that could exponentially bloom into major issues, but they need help when they are still small and solvable.”  I wish them well.

Three new malware variants you might BOLO

Posted on by
Reply

Of all men’s miseries the bitterest is this: to know so much and to have no power.

That was something attributed to the Greek philosopher Herodotus, who lived in what is now Turkey and Italy more than 2400 years ago. It is a fitting name for a new kind of Android banking trojan that is making the rounds. The trojan works by inserting a small but randomly variable delay between keystrokes, to make them appear as to be typed by a (relatively poor) human typist. It has other features, such as being able to steal 2FA codes sent via SMS (yet another reason not to use this transport method), intercept everything that’s displayed on the screen, grab the lockscreen PIN or pattern, and install executable files. The malware looks like an ordinary mobile banking app but there is nothing ordinary about it.

But Herodotus isn’t the only bad news bear that is out there. How about the RedTiger malware that steals data by flooding targeted systems with hundreds of processes and random files to confuse forensic examiners. That essentially buries any warnings to make it harder for security personnel to figure out where the pony is in this massive alert pile. And another malware that goes by the name CoPhish — it hides Microsoft Copilot commands within phishing the HTML text of emails. That text is designed to not be displayed if you are just reading them in your browser or email client.

What these three attack methods show is that the bad guys are getting better at hiding in plain sight, using AI methods and more subtle mechanisms to distribute their malware and then try to remain out of sight for several months while the attacker moves about trying to document the soft center of your network that will be compromised.

So you have been warned. Pick a better MFA method than SMS texts to get your pin codes. (My favorite is Authy, but there are plenty of others.)  Make sure to carefully vet any downloaded app to your phone before you start using it, and at the install time, please pay attention to the warnings about what permissions it requires to ensure that it isn’t grabbing everything it can. And don’t reply to any text message involving money that comes out of the blue, whether from your bank, your long-lost cousin traveling abroad, or someone who is acting friendly (want to join me for dinner). It’s a jungle out there, and sadly an old Greek guy was spot on about how much we know but still don’t have any power to do anything about it.

Deleting your private data will get easier: thanks California

Posted on by
4

Most of us have seen those annoying pop-up screens when browsing the web that ask us to accept some turgid privacy policies or approve the use of cookies to track our sessions. California and a few other states are trying to make things more secure and protect our privacy by introducing new regulations that will go into effect in the coming months or years. One of these technologies is called a universal opt-out preference signal or sadly the acronym OOPS. California’s explanation can be found here.

The universal part of the deal is that many websites will recognize these signals, so users don’t have to individually opt-out of tracking for each website that they visit where they are buying something online or sharing their personal information (such as a social network). CalOOPS will make this mandatory in January 2027. That is a long ways off to wait for this convenience. Several other states are moving to enact similar laws, although it is a long road ahead. The OOPS signals are already not required in six of the 19 states that have privacy protections — just showing how much of a crazy quilt our privacy picture is and will continue to be.

The OOPS laws are just one of a triad of regulations that were enacted earlier this month in California. The others required major social media platforms to provide users with a clear way to delete their accounts and ensure that the data in your account would be completely wiped. The third law requires data brokers to more stringent standards, including how deletion requests are handled by a new service called DROP. Those two go into effect in January 2026. Husch Blackwell (who does an excellent job tracking state privacy laws) has more info on this page describing the three laws.

DROP stands for Data Removal and Opt-Out Platform, and it will be a central place where consumers can begin the process of removing their data from multiple data brokers. If you have ever tried this on your own, you probably know how frustrating the process can be: first, the brokers are numerous and many of which are companies that you probably never heard of. Here is a list of more than 600 of them. Then, once you can find one, they make this deletion action as obscure as possible, or put you through various pathways (download a special app, submit a web form) that don’t inspire confidence. And realistically, how many brokers are you going to do this with anyway? And finally, is Facebook et al. a broker or a social network or just all-around evilness?

Remember the do-not-track phone settings on your phone? Probably not, because these were for the most part ineffective, and not mandatory. These new laws have enforcement provisions. We’ll see if that matters in the end.

Browser vendors with privacy controls are one answer, such as Brave, DuckDuckGo, or extensions such as PrivacyBadger (which I wrote about here). I have been using Opera Air, which has an ad blocker built in. There are two problems. First, these browser-based tools don’t always work on some websites that require pop-ups as part of a normal workflow, or the websites don’t want you to run ad blockers, because they lose revenue from displaying the ad banners. And second, as you might have guessed, there are no federal data privacy laws, and given the state of our Congress, chances are slim that we will see any soon. That means that laws could be enacted that work at cross-purposes.

I would be interested in hearing any strategies that work for you.

 

CSOonline: 12 Attack Surface Management tools reviewed

Posted on by
Reply

Potential Attack Surface Management buyers need to understand how various network and other infrastructure changes happen and how they can neutralize them.

Periodic scans of the network are no longer sufficient for maintaining a hardened attack surface. Continuous monitoring for new assets and configuration drift are critical to ensure the security of corporate resources and customer data.

New assets need to be identified and incorporated into the monitoring solution as these could potentially be part of a brand attack or shadow IT. Configuration drift could be benign and part of a design change, but also has the potential to be the result of human error or the early stages of an attack. Identifying these changes early allows for the cybersecurity team to react appropriately and mitigate any further damage.

I review 12 different ASM tools and also provide some questions to ask your team and the vendors about their ASM offerings in this updated article for CSOonline.

 

Salesforce behaving badly with Zoomin acquisition

Posted on by
Reply

Last year, Salesforce acquired Zoomin, a company specializing in organizing unstructured data such as documentation and knowledge base repositories. As part of that acquisition, they announced that there would be no further product features (other than bug fixes) added to the Zoomin platform and that it would reach the end of its life in 2027. Eventually, they will replace Zoomin with a yet-to-be-announced new product to be added to their Service Cloud and Agentforce services. The key word in that last sentence is “eventually,” which is why I say they are behaving badly.

This move puts Zoomin customers in a quandary, because Salesforce has asked these customers to decide on renewing their contracts within the next month. One reader, an IT manager at a large tech firm who has been a Zoomin customer, wrote to me, saying “Salesforce wants us to move to a competitor because some genius in their finance department has put some arbitrary date out there that they need to quit providing support by. I’ve never seen something so nuts because it means we are on the hook for an additional 18 months of subscription costs for a product they aren’t improving.” My source was in the middle of an expansion of its Zoomin project, adding new documentation files and features that were part of their development plans. This was one of the reasons why they chose Zoomin to begin with. “We don’t want to keep enhancing a dead platform,” he said. Now they have to look to another vendor. “Killing Zoomin without having something to step in doesn’t make any sense to me.”

My source did get various briefings, roadmaps, and other information, which he shared with me. These plans were short on specifics, such as a “timeline” — the quotes indicate my own skepticism about their plans. Key missing elements are any solid migration plan, or any guarantee how the existing Zoomin data structures would be integrated into Service Cloud, or what the new subscription costs would be, or if there would be additional charges to migrate the Zoomin data. I find this both distressing and somewhat ironic, given that one of the attractions of Service Cloud is its ability to integrate across many different databases and platforms.

You can see one page of this briefing below:

As you can see from this page, there are lots of “upcoming” features that are called out. Both of us have been around the software devops block many times to know these are placeholders in any timeline that indicate these are features that might never happen, or won’t happen any time soon. One other notable curiosity is that this document never mentions Zoomin explicitly.

Salesforce is on a tear to produce an agentic AI-based self-service portal that can be used for all sorts of purposes, including a superset of what Zoomin was starting to do with its platform. You might agree with this direction, even if agentic portals might not be ready for prime time. But whether this is removing a competitor, total vaporware, wishful thinking or an actual service remains to be seen.

Red Cross: Mizzou makes running a large blood drive look easy

Posted on by
Reply

Red Cross phlebotomist Jenise McKee standing next to Jake McCarthy who is sitting in chair about to donate blood.

Setting up a mammoth blood drive is akin to building a 100-bed hospital emergency department from scratch and then taking it down a few days later. I got to see this in person with what is reported to be the largest student-run blood drive in the nation. Columbia is the city where you can find the University of Missouri, popularly called Mizzou, home to more than 30,000 students. For more than 40 years, the school has hosted blood drives in partnership with the American Red Cross. This year they broke their own record, collecting over 5,000 units of blood. You can read my post about the blood drive last month here on the chapter blog.

(photo is of Red Cross phlebotomist Jenise McKee readies Mizzou student donor Jake McCarthy for his Power Red blood donation.)

Book review: Wine Lord

Posted on by
Reply
Wine Load by D.B, Adams is a debut novel which offers an insider’s look at the way wine is made and marketed. The story takes place in Napa Valley, and if you are a wine drinker or if you are interested in that part of the country, this book might resonate with you. While the story is mostly well-written, it has its uneven spots that I will get to in a moment. If you consider yourself a wine aficionado or wine snob, you might find this book either humorous or frustrating. The story seems to be a realistic portrayal of the wine business world and describe a very believable conflict between the owners of the winery and their financial backers.
One notable exception is its stilted dialogue by a major character who is not a native English speaker. This doesn’t read well on the page. There is an impressive amount of words that offer nothing to advance the narrative or add to the enjoyment of the book and detract from the story flow. I found myself skipping whole pages of this dialogue the further into the book I read
Some people think they know more about wine than they actually do. What this novel succeeds at is showing that there are a lot more subtleties involved in the making and enjoying wine than just swirling it in a glass. But there is also a lot more involved in the making and enjoying a great work of fiction, and here this book disappoints.