Book review: Mirror Man

At first glance, the plot line of this book seems tired: part clash of the clones, part “Total Recall” memory conflicts, part retread sci-fi mystery. But as you get drawn into the book, which concerns a pharma marketing exec who volunteers for an illegal cloning experiment, replacing himself with a clone for a year, you find out it is quite original and intriguing. The clone — and his body double who is locked away — are both carefully observed, although not as carefully as the scientists think. By the time you reach the end, you’ll have thoroughly enjoyed this book, and the combination of sci-fi and mystery is a nice balance. Highly recommended and I might have to rewatch the original Total Recall just to savor some of those memories, wholesale.

Here is an excerpt from the new Jane Gilmartin novel.


Cord cutting ain’t easy

For years now many tech folks have discussed cord cutting. This usually refers to eliminating the traditional cable TV provider and replacing it with one or more streaming TV services. Earlier this month I spent a week trying to eliminate AT&T Uverse cable TV service from my life. It was a dismal failure. I first tried Hulu Live TV, then YouTube TV. Both would have saved me about $75/month if they worked as promised. What I found out is that there are two general conditions that these streaming/cord-cutting services are a good fit for:
— If you just have one TV (or have all relatively recent smart TVs) and
— If you have a cooperative family that can ignore some of the usability issues.
If you have > 1 TV (or a mixture of various vintages), you will need multiple boxes or sticks or whatever add-ons to turn your older dumb TVs into smarter ones. This is because in order to fully take advantage of the streaming service of your choice, you need a good app that runs on the TV that will present the channel guide and allow you to add programs of interest. The more gear (besides the TVs) you need, the less compelling the economics and the more complex the usability issues. Not helping matters is that the services are raising their rates: YouTube TV, for example, had a big price hike over the summer. Doing my usual thing, here is what I found:
    • The UIs are just awful for the streaming services. Maybe we got used to the cable UIs over time — which weren’t anything to crow about. YouTubeTV has the best interface, but it is the best of a bad lot. The problem is those change-resistors that I mentioned above. And it doesn’t help matters that you don’t usually have a keyboard to navigate these UIs. While it is nice that the new Google TV and some of the other devices (like the sticks from Roku and Amazon) come with a remote, this isn’t enough.
    • If you have a mixed collection of different TV vintages, you are probably going to be switching between the web UI and the TV app UI, which will further confound the change-resistors in your family. Exhibit A is Netflix: their web UI has been perfected over a longer time than any of their app UIs, and despite all the code development, both of them are still less than satisfying.
    • The app collection for your TV is disappointing. This isn’t like getting apps on Google Play or iTunes app stores. You are stuck with whatever is available for your particular generation of TV. I got a new TV last year, which is great for that TV, but unless you plan on upgrading all your home’s TVs you won’t be happy with the older vintage apps available.
    • One of the bigger downfalls of the streaming services is that you can’t easily rewind and fast forward (including through commercials). Uverse (and just about every cable TV provider) makes this easy. Every streaming service makes this a lot harder, and in some cases you can’t skip the ads (unless you buy a premium package, and then that just lets you skip some of the ads). One of the reasons why we record our favorite programs is being able to skip ALL the ads. I also found that the time of day that you watch will determine how many ads get inserted into your programming streams.
    • You need to read the fine print. Some of the streaming services have extra charges for multiple users or multiple TVs or multiple devices, to remove some of the ads, or to add additional capacity for recording your shows. A small subset of the various Hulu “add-ons” are shown in the screencap at left.
    • Finally, the TV apps don’t easily maintain channel states after the TV is turned off. When I am watching channel 5 on any of my TVs — smart or not — if I turn it off and then back on, it stays on channel 5. This is not necessarily so with the apps. With my smartest and newest Samsung TV in my living room, there is a setting on the menu that I found after much poking around to enable this. But it was purely by persistence that I found it.

So I went back to Uverse over the weekend. It was an interesting experiment, and I appreciate my wife being patient as I messed around.

Live blogging at the Avast CyberSecAI conference

Last year I was fortunate enough to attend in person the CyberSecAI conference in Prague, a unique blend of academic and business researchers and practitioners involved in both cybersecurity and AI fields. This year the conference went completely virtual. I covered most of the sessions through live Tweets and wrote two blog posts that are now up on Avast’s website:

  1. Creating and weaponizing deep fakes. Dr. Hany Farid of UC Berkeley spoke about their evolution, the four different types of fakes, and ways that we can try to solve their challenges. I found his analysis intriguing, and his use of popular figures that were deliberate fakes brought home how sophisticated AI algorithms need to be to flag them definitively.
  2. Understanding bias in AI algorithms. A blue-ribbon panel of experts discussed how to reduce AI algorithmic bias. Should we hold machines to higher standards than we hold ourselves? It was moderated by venture capitalist Samir Kumar, who is the managing director of Microsoft’s internal venture fund M12, and included:
    • Noel Sharkey, a retired professor at the University of Sheffield (UK) who is actively involved in various AI ventures,
    • Celeste Fralick, the Chief Data Scientist at McAfee and an AI researcher,
    • Sandra Wachter, an associate professor at the University of Oxford (UK) and a legal scholar, and
    • Rajarshi Gupta, a VP at Avast and head of their AI and Network Security practice areas.

Part of the problem with defining bias is in separating correlation from causation, which was brought up several times during the discussion.

Mail-in ballots are the new literacy tests

I was watching a fascinating movie on Amazon called All In. It documents voting suppression history in the US. While we have had various laws, including several Constitutional amendments, their implementation is mostly a local matter. Some local officials have done what they can to deny the vote over the years. For the most part, the documentary is accurate. It features numerous interviews with Stacey Abrams, who lost the Georgia governor’s race in 2018.

The movie comes at an interesting time. In my blog post for Avast this week, I summarize many of the voter suppression efforts that we have seen in the past several years, including leading up to the 2016 and 2018 national elections. There was a lot of data on suppression collected by Mueller. His report showed that more than 3,500 ads on Facebook were placed by the Russian Internet Research Agency to try to convince potential Black voters to stay home during the 2016 elections. The same group also posted a series of anti-Muslim ads and organized concurrent protest rallies in Texas on opposite political sides. My Avast post has more details on the recent suppression efforts seen this year.

There are efforts to try to encourage everyone to vote, including a major ad spend by a new non-profit group called National Council on Election Integrity.

In the Amazon All In documentary, one person suggests the 2016 efforts should be called “Jim Crow v2.0,” referencing the pre-60s laws (and more recent changes) that made voting difficult by instituting literacy tests and poll taxes. You can see some archived examples of 1960s-era literacy tests here. These tests are almost impossible to pass, even if you have a graduate degree in American Studies.

I want to take things a step further: I think we are now in the Jim Crow v3.0 era. The new literacy test is the result of a confusing series of mail-in and absentee ballot regulations and shifting court challenges that are now happening across our country. My wife and I voted via mail-in ballots in Missouri: it took a lot of re-reading the various instructions, figuring out the steps involved, getting our ballots notarized and then mailed in. Each ballot has to be returned in a matching envelope and is tagged with a QR code that you can scan to check on its progress, to ensure that the elections board received it. (They did.) A good resource is what the Washington Post has put together that tells you when and how you can vote in your state.

But there is a subtle difference between mail-in (which anyone in Missouri can do) and absentee (which you have to certify that you aren’t going to make it to the polls). They have different deadlines and other requirements. For my Avast blog, I got to talk directly to Trevor Timmons, the CIO for the Colorado Department of State, the agency that supervises its elections. In its June 2020 primary, more than 99% of registered voters submitted mail-in ballots. Colorado is one of those “universal” mail-in states, meaning that every registered voter will receive a mail-in ballot. You can come and vote in person, but most people don’t. You can also register and vote on election day, something only a few states have.

After I had mailed in our ballots, I had a senior moment where I thought I swapped my ballot and put it in my wife’s return envelope, and vice-versa. Timmons told me that they specifically look out for these situations and still validate both ballots: “It is a common error that takes manual intervention to resolve, but it is resolved quickly.”

What about fraud with mail-in votes? If you examine this page from the Heritage Foundation, you can see their dashboard of fraud has found 1,300 cases. That sounds like a lot, but not when you compare that with the hundreds of millions of votes cast. Timmons is more worried about election security, and has put a series of measures in place, such as MFA (required for all election judges since 2013), applying current software patches and using other endpoint detection tools to stop malware attacks. “We have seen ransomware incidents in some of our counties that compromised other agencies. We detected them when the attacks attempted to move to the elections boards and we were able to stop their spread.”

Meanwhile, October hasn’t been without its election systems hiccups. Voter registration systems were overwhelmed in Florida. Georgia’s electronic voting machines had some issues on the first days of early in-person voting, and Virginia’s and Pennsylvania’s online registration systems were both down thanks to a construction crew cutting a fiber cable and a systems crash in a data center, respectively.

Network Solutions blog: How Microsoft Teams Enhancements Protect Collaboration

As remote working has increased in popularity, better collaboration tools have become more of a necessity. Microsoft has been paying attention to this trend of course and recently announced numerous enhancements to its Teams platform. Teams has been around for more than a year and combines chat and instant messaging with video conferencing. Most of its newest features are only available on the latest version of its Windows desktop app that was released at the end of July: the web browser and Mac versions are not yet at feature parity.

If you think of Teams as just being a mind-meld between Slack and Webex, you would be underestimating what Microsoft is trying to do with this software. And with the latest update, Microsoft aims to make Teams more of the connective tissue that will bring together its various Office applications, as well as a platform that can enable better collaboration among office workers. This post for Network Solutions’ blog goes into the details.


CSOonline: Homomorphic encryption tools find their niche

Organizations are starting to take an interest in homomorphic encryption, which allows computation to be performed directly on encrypted data without requiring access to a secret key. While the technology isn’t new (it has been around for more than a decade), many of its implementations are, and most of the vendors are either startups or have only had products sold within the past few years. While it’s difficult to obtain precise pricing, most of these tools aren’t going to be cheap: Expect to spend at least six figures and sign multi-year contracts to get started.

I review the early products in this market for CSOonline, describe some of the typical use cases, and provide some suggestions on how to evaluate them for enterprise uses.

In praise of cheat sheets

While my days of being in engineering school are in the paleolithic era, I do remember a fondness for cheat sheets, especially when it came time to cram for exams. I was recently reminded of this while watching a movie about NASA’s mission control doings during the Apollo era. On the screen flashed the following handwritten cheat sheet, to be used when one of the spacecraft computers was showing a particular alarm code. I believe it was compiled by Jack Garman.

This struck me as fortuitous — as some of you might remember, when the Eagle lunar module from Apollo 11 was making its descent to the surface of the moon, it had set off a 1202 error code. The engineers had experienced this code in previous simulations, and within seconds were able to tell Armstrong and Aldrin to just ignore it and carry on: the code indicated that the computer was being overwhelmed with inputs. Given that the computer had the processing power of today’s coffee pots (1 MHz processor with 150 kb of RAM), it wasn’t a show-stopper.

But it also struck me as somewhat amusing. Here is NASA, spending billions of dollars inventing all this technology, and the success or failure of the first moon landing came down to some engineer putting this one-pager together that saved the day. Garman had memorized these error codes and was able to quickly respond to the flight controllers that the landing could continue.

If you want to read more about the circumstances around the moon landing, check out what I wrote about in 2009. There are some links to interesting web pages that show simulators for the guidance computers and also a real-time video and audio of the entire mission.

If you want to see some good examples of the cheat sheet genre, Peter Nikilow has collected hundreds of them on his Pinterest account. If you have your own favorites, put a link in the comments and say what makes it so.

Tech innovations we owe to HotOrNot

Nineteen years ago, I taught a high school computer networking class for ten boys. It was my first time in a classroom, which had a live network and Internet connection using a bunch of Windows 95 computers, hard wired via Ethernet. We had some fun times with the class, which lasted all year, and I am still in touch with many of the students today. I can’t imagine trying to teach a class like that via Zoom, but that isn’t why I am writing about the experience.

One of the more memorable moments was when some of the kids posted my picture on HotOrNot, a then-new website that just celebrated its 20th anniversary and got some mention in Mashable here. I would urge you to read the entire story, even if you are in a stable relationship and don’t have any use for dating or matching sites. The story notes the many places where HotOrNot was ahead of its time, and laid the foundation for many of the web technologies we have come to know and love today. For example, the site connected online and offline social interaction in new and useful ways. Now we take this kind of connection for granted. Some other ground-breaking things:

  • Gamified ratings of each participant’s photo, now enshrined in Likes and up-votes across all the social media platforms.
  • Word-of-mouth traction: traffic doubled every few hours in its first weeks. In the piece there is this charming story about how UC Berkeley engineers figured out the extra traffic was coming from one of their servers that had been connected without approval on the campus network.
  • They very quickly put in place a subscription model and became cash-positive by using auto-renewing subscriptions. That was a rarity then but now is so commonplace that you would be hard-pressed to find a website that doesn’t do this.
  • Outlandish promotional billboards. They put up one with the two founders mostly naked, strategically covered by their laptops with low scores. The founders were nerds, after all. This is way before Oracle and numerous other tech companies used similar tactics, not to mention every airport ad ever used by a tech vendor. Remember airport ads?
  • Something not seen currently was a series of anti-bullying measures, including a great take-down response time if someone complained about their photo. It has taken many tech companies far too long to figure this out.
  • A real tagline: keeping the site “fun, clean and real.” Unlike other taglines (don’t be evil, say), they actually meant it and ran their company accordingly.
  • Eliminate needless clicks: when it was first conceived, there was a “click to submit” button. That was eliminated.
  • Virtual goods purchased through real money, typically with Western currencies that could retain their buying power if they lived in other parts of the world. Now we have Bitcoin. Not sure that is progress.
  • Mutual opt-in messaging, a precursor to what many subscription and dating sites do, and the model behind Twitter’s DMs.
  • Inclusive dating to the same-sex world. While not as inclusive as today’s alphabet soup of non-binary genders, it was still innovative in moving beyond hetero norms.
  • Speaking of gender, HoN also had several female managers way before it became a cause. Again, this has taken way too long to implement.

Network Solutions blog: How to Counter Darkweb Threats With Proactive Security

Most of us tend to think about the web as a single destination, available through our browsers on our laptops and phones. But over the years there has been a much more sinister portion of the web, called the dark web, that isn’t easily discoverable by traditional search engines and could contain threats to your business operations and harm your reputation. I describe this shady underbelly and what kinds of information are available there, along with suggestions of tools that you can use to be more proactive about your security, such as EchoSec Beacon, Dark Owl Scanner, SixGill’s Darkfeed, Recorded Future, ZeroFox and Digital Shadows’ Searchlight. These tools can help to provide near real-time access to threat data that is being shared on the dark web on a variety of discussion forums and other places, again as a way to learn about the early stages of an attack.

Read my post on Network Solutions blog here.

Avast blog: Zerologon is a Nasty Windows Server Domain bug: Patch now!

A new vulnerability in Windows domain controllers has been discovered by security researchers at Secura. In a paper published in September, they described the cryptographic flaw they found and called it Zerologon. It takes advantage of the Netlogon Remote Protocol that is used in the authentication process. All that is needed to exploit this flaw (and compromise a wide variety of Active Directory identity services) is a TCP-level connection to the domain controller itself. Secura published a test tool on GitHub that can tell you whether a domain controller is vulnerable or not. Researchers have seen evidence of its use in the wild already, which is why you want to patch your servers ASAP.

You can read more about this scourge on my Avast blog post.