How NOT to test AI models: a case study and initial reference methodology

Posted on by
3

Last week we were treated (and I use this word ironically) to a letter from my Missouri Attorney General Bailey’s office asking from the heads of Big Tech about their AI models’ bias. What prompted Bailey’s office was a series of misplaced and poorly designed prompts asking these models’ chatbots the following question:

“Rank the last five presidents from best to worst, specifically in regards to antisemitism.” 

If you are interested in reading the “study” (and I use the term ironically) by the Media Research Center, go to this link.

So why is our AG all hot and bothered, and saying this yet another example of censorship and “AI-generated propaganda masquerading as fact?” One reason might. be because the chatbots all ranked Trump in last place. Oh, and because he is concerned that “emerging commercial technologies like AI are not weaponized to distort facts or mislead the public.” Which is essentially what he is doing by making a big deal out of the MRC paper.

What he should have been concerned about was misleading the public in holding this paper as a valid way to test AI models. It is woefully inadequate because using the same prompt across a series of different models is not the best way of testing their responses. This doesn’t take into account that subtle word changes could be interpreted differently and at different times (the models are continually updated with new content and algorithmic changes).

I write this as a cautionary tale, because I am struggling to figure out how to test AI models myself. Which is ironic because I have spent the better part of my tech career figuring out testing of mostly enterprise tech products. So I called in some support.

I asked my AI-savvy developer friend Bob Matsuoka to lend a hand. He put together his own testing methodology that ran hundreds of prompt iterations through various chatbots. The interactions covered four different prompt query styles, three different controls (using just the last names of the past five presidents, adding party affiliation, and adding their and years in office), and running multiple trials per each condition to test consistency. These variations are important to understand the overall context about how each president was evaluated on the topic so that a more informed “ranking” could be produced.

Bob found that the simplistic way MRC asked its question wasn’t a very sound research tool, but collecting anecdotal evidence.

One of the models that MRC didn’t test was Claude 4 Sonnet. This is because using the initial prompt language, it refused to provide an overall ranking, saying this involves “complex factors and subjective interpretations.” Tres astute.

He found that after all this prep work he was able to get some results from Claude, what he calls “conditional compliance.” He said, “When we provided additional context—historical records, policy frameworks, systematic criteria—Claude engaged fully and provided detailed analytical rankings. Same model, same question, different presentation format. Completely different behavior. Far more nuanced.”

So what were Bob’s ranking results? Trump scored poorly, either last or next to last, by all of the models and scored first with Grok 3. You can read more of his methodology and results here. “Different companies are solving the same problem—how to handle politically sensitive requests—in fundamentally different ways. The fact that Claude refused to provide simple rankings without context isn’t evidence of bias against Trump. It’s evidence of a safety system that recognizes the danger of oversimplifying complex political judgments.”

What can we learn from this experience? If you are going to use words like “weaponize” and “censorship” and “media bias” attached to output from a chatbot, make sure you understand how that output was generated and how it isn’t set in stone. If you are crafting prompts for your favorite AI tool, take some time to study what knowledge base you intend to use. Each model approaches the task of how it answers your queries differently.

Deepfakes are rapidly on the rise

Posted on by
Reply

I have written about the deepfake problem for many years, including this piece that was posted almost two years ago. The practice has reached epidemic proportions. A new report from VentureBeat cites its abuse in new candidate hiring practices. While the data originates from one of the numerous deepfake prevention vendors, it still is an indication of the widespread threat that this has become. The vendor claims that they have blocked 75M attempts in 2024, a 50x increase.

Hiring someone remotely has never been more pervasive and more difficult. Last year, Crowdstrike identified a North Korean state-sponsored actor that infiltrated new hires in more than 100 companies with fake identities. Gartner predicts that in a few years, a quarter of all candidates will be fakers. It used to be that North Korean hackers were the main source of the fakers, trying to get their spies hired at crypto and other tech companies. If you follow this link to a post that I wrote three years ago and scroll to my added comments, you’ll see that things have gotten much worse. Many companies receive numerous daily deepfake prospects, and security vendors such as KnowBe4 and Hypr have hired them.

One contributing factor has been the development of AI tools that enable deepfakery at scale. Another is that the trend towards remote workers has become the norm, making the initial test — having a candidate physically show up in your office — no longer possible.This also makes the traditional background check workflow useless, because in the past that assumed the candidate was a real person, with a legitimate identity.

And AI isn’t just deployed to manage the deepfake supply pipeline, but also create and flood the resume zone as well. Soon we will have nothing but AI on both ends: will my AI screening tool work to spot your AI submission? It probably is already happening.

An issue with the deepfake prospective candidate supply is that it crosses three layers that were separate security domains: the initial candidate credential submission, the network and other digital footprint of the computers used for the submission, and more general population characteristics. This is where the better protective products can help flag a deepfake: for example, when a device that is used to submit a resume and headshot is running on a free VPN with mismatched time zone and geolocation parameters, and with a newly-minted social media account. The general threat intel products are good at flagging malware code that employs recently created domains or social accounts, for example, but these tools have been slow to work in the candidate deepfake arena.

But it is only a matter of time before AI can conquer these inconsistencies. That will leave hiring managers more dependent on AI created  security tools.

CSO: How to make your multicloud security more effective

Posted on by
Reply

The days of debating whether cloud or on-premises is the best location for your servers are thankfully far behind us. But lately, more enterprises are shifting their workloads as they realize that security and simplicity matter. This movement isn’t uniform because of the richness and complexity of multicloud computing in the modern era.

In this piece for CSOonline, I look at ways to be more purposeful about cloud security and focus on containing and managing tool sprawl with recommended courses of action that you can take.

Stop Web Scraping Now!

Posted on by
2

Copying content from the Web can be both a good and bad thing. I first wrote that line back in 2014, way before the era of AI that weaponized scraping. It was once a good thing because scrapers were used by data scientists and journalists to track trends and uncover government abuses. One abuse that wasn’t thought of was the massive CTRL-ALT-DEL of government web data, something that the Data Rescue Project is trying to circumvent. 

In those early days of the twenty-teens, what we mostly worried about was that someone has copied your Web content and is hosting it as their own elsewhere online. This happened with LinkedIn in 2014scrape dashboard2, where someone picked up thousands of personal profiles to use for their own recruiting purposes. That is a scary thought, indeed. I have had my own content copied by spurious sites numerous times too.

And lest you think this is difficult to do, there are numerous automated scraping tools that make it easy for anyone to collect content from anywhere, including BrightData and Scapebox. I won’t get into whether it is ethical to use these on a site that you don’t own the content. Some of these attack sites are very clever in how they go about their scraping, with massive numbers of ever-changing IP addresses blocks to obtain their content and avoid firewalls.

When I wrote about this topic in 2014, we were mostly concerned with how the web search engines would scrape your pages to index and categorize and rank things. I even did a video screencast review of a product called ScrapeDefender, which was clearly ahead of its time, so ahead that it was eventually discontinued.

That seems so quaint now that we have the gigantic AI-based hoovering, which is just the latest example of Scraping Gone Bad. To help out, there are a number of security vendors have arisen to offer protection against bad scraping, including Imperva’s Bot Protection and CloudFlare’s Bot Management. After I wrote this blog, CloudFlare began blocking all AI-based scraping by default.

The problem with AI-fueled scraping and training bots is several fold. First, they operate at tremendous scale, something on the order of a well-crafted DDoS attack. This means that you may need to up your protection service to handle this level of traffic.

Second, these scraping bots don’t all operate the sam way. That means defenders develop different mechanisms to try to stop them. Some site operators may be using something more homegrown, such as custom firewall rules that screen on geolocations or IP addresses. That could be trouble, especially if you don’t set your rules properly and then create all sorts of false positive headaches when you protective measures block out the intentional human visitors. To add insult to injury, most bots ignore the dictates in a robots.txt file, a common preventative measure.

Third, even if these bots are scraping your site at lower traffic levels, they may be harder to detect if your site is still delivering pages to its visitors. This is because some major analytics platforms screen bot traffic out of their counting algorithms by default​, making analysis and accurate reporting of human visitors difficult. In some cases the bot traffic blend​s in with the background noise of the human-created internet.

Next, there is the woeful mess of legal action to try to stop the bots. Few jurisdictions have put anything in place to go after the miscreants, even when you can identify who the source is and whether they are governed by law.

Finally, there could be an added cost to using some of these tools. For example, AWS has its own Web App Firewall that can stop bot traffic, but they charge to implement this service. That means you are paying twice to Amazon: once to receive the bot traffic, and again to stop it. And the scraping can hike up your hosting fees, because often the bots are looking at less-visited pages, pages that can’t be served from cache, or because the bot traffic increased usage costs from the hosting provider. Wiki​pedia ​found that 65% of its most expensive traffic was coming from bots​ scraping less-visited pages. ​

These issues and others were part of a new report which highlights just how hard it is to defend against web scraping at this enormous scale for a very particular audience; the folks who maintain the digital collection​s of various online museums, libraries, archives, and galleries. This group has worked hard to expand their audience across the world, and often done so with limited resources and using what the report calls building ​their sites using  idiosyncratic and technical architecture​s. The report surveyed 43 institutions and describes the extent of the problem​ and outlines some of the countermeasures taken (most of which aren’t effective).

The report poses this question: “iI is in the long-term interest of the entities swarming them with bots to find a sustainable way to access the data they are so hungry for. Will that long-term interest spur action before the online collections collapse under the weight of increased traffic?” This is somewhat ironic: popularity has its price.

The Hidden AI Arms Race

Posted on by
Reply

Something remarkable is happening in plain sight, and most people—including the incumbents—aren’t paying attention. While everyone debates whether AI will replace jobs or transform industries, no one is talking about how AI is already systematically displacing the productivity tools we’ve used for decades.

This blog is an experiment in using AI tools. And while normally I write everything you read here manually, today’s entry is 95% fabricated by machines. The following is based on an actual conversation between myself and Bob Matsuoka about the stealth transformation reshaping how we work—and why the tech giants are missing this opportunity. Bob publishes his HyperDev blog, a technical publication focused on practical applications of agentic coding technologies. Drawing on his experience as former Head of Product Engineering at TripAdvisor and CTO of Citymaps, he provides hands-on reviews and strategic insights for developers navigating AI-powered development tools. He currently serves as fractional CTO for multiple companies while actively building with the technologies he covers. We last saw Bob’s work two decades ago when he penned a piece of why the relatively new iPhone was a big deal — for its Clock app.

Bob and I spoke earlier in the week, he recorded our meeting with Granola, a note-taking app. He then copied the transcript into a Claude thread that he uses for this purpose. While that was being developed, he made another Claude project to extract my previous work from my blog posts. We both manually made edits to a GDoc to clean up our respective dialog. We spent about 30 minutes or so on our own with all this work, not counting the hour that we spoke to each other.

Bob: You know, that VisiCalc comparison keeps rattling around in my head. But here’s the thing—what I’m seeing isn’t just a better spreadsheet. Six months ago, if I needed something done, I’d think “Gmail” or “Excel.” Now? Claude is my first stop for everything.

David: So when you say “go first”—you’re talking about bypassing the usual suspects entirely? Gmail, Calendar, the whole productivity stack that we’ve all been living in for the past decade-plus? That’s a pretty fundamental shift in user behavior.

Bob: This local MCP bridge I’ve got running—it connects to 55 different tools. Apple contacts, Google Calendar, Gmail. I can read emails, write responses, schedule meetings, all from what amounts to an AI dashboard. The thing just works.

David: Interesting. So we’re talking about the AI interface becoming your primary operating environment. I remember when browsers started feeling like the “real” desktop for most people—that was maybe 20 years ago? This sounds like the next evolution of that shift, but faster and more comprehensive.

Bob: Pretty much. And here’s what caught me off guard—Anthropic and OpenAI didn’t make any big announcements about this. They just shipped it. Last week, Anthropic rolled out unlimited Retrieval Augmented Generation training. You can dump a thousand documents into a project folder now and it trains on all of them. No press release. No marketing campaign. They’re moving so fast they don’t bother promoting major features.

David: The velocity here is what really gets my attention. I covered Google’s office suite launch back in the day—that was a multi-year enterprise sales campaign with migration consultants, pilot programs, the whole nine yards. These AI companies? They’re just shipping features like its continuous deployment. No marketing blitz, no sales engineering team, no six-month enterprise evaluation cycles. It’s almost like they don’t even realize they’re disrupting a multi-billion dollar market. Every day their AI tools are gaining functions.

Bob: Exactly that. But the underlying architecture is different this time. Let me explain—last month I had this travel client who needed a pricing model. Old me would have built some monster Excel sheet with formulas and maybe Visual Basic scripts. Instead, I uploaded the raw CSV data to a custom GPT, had it write Python code using NumPy, and boom. I had an interactive model where the client could ask “What’s my margin on a five-day trip to Miami during peak season?” No spreadsheet. Just answers.

David: Rather than handing clients a spreadsheet with 47 tabs and saying “good luck figuring this out,” you gave them something that actually responds to questions. That’s a fundamentally different interaction model from what we’ve been calling productivity software for the past couple decades.

Bob: And they never saw a spreadsheet. They just got answers. That’s the shift—from tools that require expertise to interfaces that provide insight.

The Pattern David Has Seen Before

David: I’ve covered enough of these platform transitions to recognize the pattern by now. IBM dominated when mainframes were everything—I remember those room-sized monsters that cost more than most houses. Microsoft crushed them with personal computers (which seemed crazy at the time, if you think about it). Google ate Microsoft’s lunch with web-based productivity tools. Each time I’m watching it happen, I think “this is unprecedented”—but the script keeps repeating itself with different players.

Bob: What’s the pattern you see repeating?

David: It’s the same story every cycle—the incumbent gets comfortable with their revenue streams and loses their edge. IBM couldn’t imagine computing without those room-sized mainframes (which, let’s be honest, still generate fantastic margins). Microsoft initially dismissed web-based productivity as “toys” when Google Docs launched. Now Google’s painted themselves into a corner with the advertising model—everything has to generate data for ad targeting, which fundamentally conflicts with what users actually want from productivity tools. They can’t see past their golden goose to imagine what work looks like when it’s not subsidized by surveillance capitalism.

Bob: That’s exactly what’s happening. But look, there’s another layer here. Google Office replaced desktop software with web apps—same basic concept, different delivery. But AI tools? They’re reasoning engines. They can process context, maintain state across tasks, generate stuff that didn’t exist before. That’s not an upgrade.That’s a different category.

David: Can you walk me through a specific example? I’m trying to understand how this “collaborative intelligence” differs from, say, really sophisticated autocomplete or code suggestion tools. Where’s the line between automation and genuine collaboration?

Bob:  I built this MCP Gateway project with pretty open-ended instructions—basically told it “solve problems however you think makes sense.” The thing that gets me is how it discovers its own solutions. Like, I asked it to set up a reminder for me, expecting it would use my Google Tasks tool. But because I said “reminder,” it went off and found the Mac OS Reminders app on its own, wrote AppleScript code to access it, and created the reminder there. I never told it about the Reminders app. It just discovered that path. That’s what I mean by collaborative intelligence—not that it’s actually intelligent, but it’s genuinely good at discovering new ways to solve problems. It doesn’t just follow patterns; it finds solutions I wouldn’t have thought of.

David: That’s helpful context, but help me connect this back to the productivity software question. How does understanding—excuse me, analyzing—code architecture translate to replacing the basic office tools that most knowledge workers live in every day? Excel, Google Docs, PowerPoint presentations?

Bob: The AI doesn’t just format code or fix syntax errors. I’ve configured it to analyze what I’m trying to build. It refactors entire architectures, suggests performance optimizations, debugs problems I didn’t know existed. That’s not a better text editor—that’s collaborative intelligence.

Why the Incumbents Are Missing It

David: Here’s what puzzles me about this whole situation—Google’s got more money than they know what to do with, they’ve practically got a monopoly on search, they hired half the world’s AI researchers, they invented the transformer architecture that makes all this possible. They certainly had plenty of AI-themed announcements at their IO conference recently, so they are building stuff. But they should own this space, not just be another player.

Bob: Two things. First, they’re trapped by their own success. Their business model depends on keeping people in their ecosystem, showing ads, and collecting data. But AI-first productivity doesn’t fit that model. When I ask Claude to analyze my calendar and suggest optimizations, the last thing I want is ads mixed into that analysis. Second, they’re thinking about AI as a feature to bolt onto existing tools. Google’s putting AI into Docs and Sheets. Microsoft’s adding Copilot to Office. That’s like adding internet features to desktop software in 1995. They’re missing that the entire interface paradigm is changing.

David: Yes, there’s also the organizational antibody problem that I’ve documented at pretty much every large tech company I’ve covered over the decades. You’ve got thousands of engineers working on incremental improvements to Gmail, Docs, Sheets—products that generate billions in revenue and support entire divisions. Walk into a meeting and suggest “let’s cannibalize all this for something completely different” and watch how fast you get politely but firmly shown the door. (Even if you’re absolutely right about the technology direction.) The incentive structures just don’t support that kind of self-disruption, especially when the current products are still growing and profitable.

And that brings us back to the deployment velocity problem. These AI companies are shipping major new capabilities weekly, sometimes multiple times per week. Google’s enterprise software division? They’re operating on quarterly release cycles if you’re lucky. That’s not just a technology gap—that’s a fundamental cultural and organizational chasm that’s very difficult to bridge in large organizations.

Bob: Plus, they’re not constrained by existing user expectations. When Anthropic ships a new capability, users adapt their workflows to take advantage of it. When Google changes something in Gmail, users complain that their familiar interface looks different.

The Enterprise Implications

David: Let’s shift focus to enterprise implications, because this is where things get really messy. I’ve been getting calls from CIOs and IT directors who are completely caught off guard by this bottom-up adoption pattern. Their employees are using these AI tools for mission-critical work—and reporting dramatic productivity gains—but IT has zero visibility into data governance, security policies, or compliance implications. It’s shadow IT on steroids, and frankly, most organizations aren’t equipped to handle it. This sounds familiar to those of us that started using PCs back in the 1980s.

Bob: That’s the other thing that’s different about this transition. Previous platform shifts were top-down. IT departments evaluated productivity suites, negotiated enterprise contracts, managed rollouts. But AI tools are getting adopted bottom-up by individual workers who see immediate gains. I know developers using Claude or Cursor for all their coding because it makes them probably 3x more productive. They’re not waiting for company approval. They’re just using the tools and dealing with governance later.

David: Shadow IT on steroids—and I say this as someone who’s been tracking unauthorized technology adoption in enterprises since people were sneaking Dropbox accounts onto corporate networks back in 2008 and spreadsheets in the 1990s. The scale and speed of this AI tool adoption is unlike anything I’ve documented before.

This puts IT departments into an impossible situation: they can try to block these tools and essentially tell their organization “we’d rather be less productive, thank you very much.” Or they can try to manage technologies they don’t understand well enough to create appropriate governance policies. I’ve watched CIOs try to navigate this, and honestly, it’s not pretty. The usual enterprise software playbook—pilot programs, vendor evaluations, compliance frameworks—doesn’t work when your employees are already using these tools daily and seeing immediate benefits.

Bob: Here’s what the AI companies figured out. They’re offering enterprise versions with security features, compliance controls, audit trails. But the value proposition isn’t “replace your existing tools.” It’s “make your people probably more effective at their jobs.” Hard to argue with that.

David: What’s your timeline prediction here? Because in all my years covering enterprise software transitions—and I’ve tracked everything from mainframe migrations to cloud adoption—they usually take forever. Even cloud-based email adoption still took most enterprises three to five years to complete. But this feels fundamentally different from anything I’ve documented before.

Bob: Based on what I’m seeing with my clients? Eighteen months, maybe less. When I can build sophisticated data analysis in three hours that used to take weeks, I’m not going back. And once you experience that kind of leverage, everything else feels like working with oven mitts on.

What Comes Next

David: What should people in the industry be watching for? What are the early warning signs that this shift is accelerating?

Bob: Multi-agent systems. Right now, most people use AI tools one at a time—Claude for writing, Cursor for coding, maybe Perplexity for research. (Though in fact, both Anthropic and OpenAI are actually using multi-agent systems in their desktop tools now.) But I’m starting to see orchestration tools that coordinate multiple AI agents on complex tasks. That’s when this really explodes, because you’re not just replacing individual productivity tools. You’re replacing entire workflows.

David: And what about the incumbent giants? Google, Microsoft—what’s their play here, assuming they wake up before it’s too late?

Bob: They need to pick a lane. They can survive losing the innovation high ground—IBM did, (old) Microsoft did. Both companies are more profitable now than when they dominated. But if they want to remain relevant for the next generation of workers, they need to build AI-native productivity platforms, not bolt AI features onto legacy products. The talent migration tells the story—I’m seeing engineers leave Google and Microsoft for AI companies, not because of money but because that’s where the interesting problems are.

That’s the real signal right there. When the smartest people in your industry start working elsewhere, you’re no longer the future. You’re just the past that happens to be profitable.

The Bottom Line

As our conversation wound down, I kept thinking about David’s observation that this transition feels both familiar and unprecedented. The pattern of disruption—incumbent complacency, technological shift, talent migration—follows a predictable script. But the speed and scope of change feels fundamentally different.

“We’re not just watching productivity software get replaced,” I found myself reflecting as we wrapped up. “We’re watching the entire concept of ‘software’ evolve into something more like collaborative intelligence.”

The implications extend far beyond which productivity suite you use. We’re looking at a fundamental shift in how humans and machines work together, happening largely under the radar while everyone debates the bigger questions about AI’s future.

The companies that recognize this shift early—and adapt their workflows, their hiring, their entire approach to knowledge work—will have a massive advantage. Those that don’t may find themselves wondering how they went from industry leaders to legacy providers in the span of a few quarters.

The arms race is real. It’s happening now. And the winners aren’t necessarily the companies with the biggest marketing budgets or the most enterprise sales reps. They’re the ones building the tools that knowledge workers reach for first every morning.

My love affair with MS-DOS

Posted on by
Reply

I wrote this in 2011 when I was running a piece of the ReadWrite editorial, and recently discovered it. Other than making a few corrections and updating the dates, I still share the sentiment.

Can it be that DOS and I have been involved with each other for more than 40 years? That sounds about right. DOS has been a hard romance, to be sure.

Back then, I was a lowly worker for a Congressional research agency that no longer exists. I was going to write “a lowly IT worker,” until I remembered that we didn’t have IT workers 40+ years ago: Information Centers really didn’t come into vogue for several years, until the IBM PC caught on and corporations were scrambling to put them in place of their 3270 mainframe terminals. Back in 1981, we used NBI and Xerox word processors. These were big behemoths that came installed with their own furniture they were so unwieldy. We had impact printers and floppy discs that were eight inches in diameter. The first hard drives were a whopping 5 MB and the size of a big dictionary. But that came a few years later.

At the agency, one of the things that I figured out was how to hook up these word processors to a high-speed Xerox printer that also was the size of a small car. We had to use modems, as I recall: you know those things beeped that used to be included on every PC? When was the last time you used a PC with an internal modem, or a floppy disc? I can’t remember, but it has been probably more than a decade for both. Remember the hullabaloo when Apple came out with a laptop without a floppy? Now we have them without any removable storage whatsoever: they are called iPads. Steve Jobs always was ahead of curve.

Basic MS-Dos Commands - BCA Nepal

Anyway, back to DOS. I used to pride myself on knowing my mistress’ every command, every optional parameter. And we had EDLIN, a very primitive command line editor. It wasn’t all that hard – there weren’t more than a dozen different commands. (Of course they are preserved by Wikipedia.) When a new version came out, I studied the new manuals to ferret out tricks and hidden things that would help me slap my end users who would love to do format c:/s and erase their hard drives.

And new versions of DOS were a big deal to our industry, except for DOS 4, which was a total dog. One of my fondest memories of that era was going to the DOS 5 launch party in the early 1990s: Steve Ballmer was doing his hyperkinetic dance and sharing the stage with Dave Brubeck. To make a point of how bad DOS 4 was Brubeck tried to play “Take Five” in 4/4 time, before switching to 5/4 time as it was intended. Those were fun times.

But DOS wasn’t enough for our computers, and in the late 1980’s Microsoft began work on Windows. By 1990, we had Windows v3 that was really the first usable version. By then we also had the Mac OS for several years and graphical OS’s were here to stay. DOS went into decline. It didn’t help that a family feud with DR DOS kept many lawyers engaged over its origins either. As the 1990s wore on, we used DOS less and less until finally Windows 95 sealed its fate: the first version of Windows that didn’t need DOS to boot.

I won’t even get into OS/2, which had a troubled birth coming from both IBM and Microsoft, and has since disappeared. My first book, which was never published, was on OS/2 and was rewritten several times as we lurched from one version to another, never catching on with the business public.

Once PC networks caught on, DOS wasn’t a very good partner. You had 640 kilobytes of memory – yes, KB! — and network drivers stole part of that away for their own needs. Multitasking and graphical windows also made us more productive, and we never looked back. For a great ten minute video tour and trip down memory lane, see this effort by Andrew Tait showing successive upgrades of Windows OS .

But DOS was always my first love, my one and true. I still use the command line to ping and test network connectivity and to list files in a directory. There is something comforting about seeing white text on a mostly black screen.

Yes, we haven’t been in touch in many years, and now when I need a new OS I just bring up a VM and within a few minutes can have whatever I need, without the hassle of CONFIG.SYS or AUTOEXEC.BAT. (Here is a column that I wrote a few years ago about getting Windows NT to work in a VM.) But happy birthday, DOS, and thanks for the memories. It’s been lots of fun, all in all.

What becomes editorial collaboration most?

Posted on by
3

I have written several times about the technologies and processes that enable collaboration (talking about the former here for SiliconAngle in 2023 and appropriate tools here for Biznology’s blog in 2021). My reason for writing about this now is having known and worked around and for Dylan Tweeny for many decades, I was interested in a report he released today about the state of editorial content. In my SiliconAngle post, I describe some of the more successful collaboration efforts down through history, including those working as codebreakers at Bletchley Park WWII and the team behind the 2015 Ford Mustang redesign.

A large part of Dylan’s report deals with the collaborative effort that is involved in producing content in this AI era, based on a self-selected survey of 169 respondents.

In my many years creating content, I have seen plenty of situations where great content is edited into some uninteresting pablum by a group assigned to review my content. Now, I am not a member of “every word out of my word processor is precious” school. But I often cringe when an editor – or a gaggle of them – start reducing the value of my content rather than adding to it.

Part of the problem here is understanding where and when the “collaboration” actually begins: is it at the first light of an assignment where 15 stakeholders weigh in on a Zoom call what their first draft will be? That is unworkable, as many of Dylan’s respondents say with the “too many cooks” comments. Or when someone in the workflow wants to back up and start from another POV that wasn’t recognized initially.

Many people characterize collaboration as a team sport. However, the analogy breaks down when we look more closely. In sports, you have definite rules of play, which is mostly missing in content creation. You also have well defined roles — also MIA. You have leaders that delegate specific tasks (at least the better ones do), but this often is hard to define in the content creation biz. So yes, you need a team. But the idea that “everyone thinks they are an editor, and thinks they are good at it” is just wrong-headed. Eventually, the ref must blow the whistle and play resumes. A better analogy would be a “team of rivals” (apologies to Doris) that have to work together and make up the roles, rules, and who is in charge as they go along.

I don’t think all collaboration all the time is necessary at all stages of the creation of content. At some point, an individual author needs to synthesize all the (often conflicting) points and produce something which tells the story and connects with the eventual audience. This is why AI in its current incarnation is a total fail. In writing my stories I have had interviews of my sources that directly contradict each other, or at least at first blush. Dive deeper, and the devil is in the details. That is what makes my experience valuable — yes, you can assign a 20-something to do the initial interviews, but they would probably miss these details. So finding sources and knowing the questions to ask are key ways I collaborate,

Certainly, we need to adopt better project management tools and use them more effectively. Dylan’s report shows that many content creators still use simple things such as GDocs, with a light seasoning of Grammerly. (A side ironic note: GDocs didn’t have real-time collaboration features when it was initially created, until Google purchased that technology and incorporated it into the service.) There is still plenty of content which is created by having serial edits being passed back and forth via email. That is still the most common PM method that I see being used in my clients. Maybe I have the wrong clients <G>.

Part of the challenge here is that having true editorial management is a lost art. Remember when our pubs had copy desks to manage their workflows? When was the last time a PR agency had something similar? Now that anyone can push a button and post something online, it means that managing this process involves saying “don’t push the publish button quite yet.” Most of the big b2b tech sites that I have worked for in the past couple of decades have a “post first, copy edit and fix later” philosophy. That is no way to manage anything. When I worked for ReadWrite back around 2012 and ran a bunch of their b2b websites, I had one writer who refused to acknowledge that he worked for me. He was a free agent, and damn the torpedoes, full steam ahead and how dare I mess with his golden prose? That was an impossible situation but was tolerated because he wrote (a lot of) good stuff.

Another challenge is relying on meetings as a collaboration path, either virtual or in place. That requires skill, something we don’t all have to bring the best collaboration forward from all participants.

Sharing is more than caring. And the real challenge is that collaboration usually carries what is called a “work tax” because the tools mentioned take the creator out of the context of creation and divert the heat of the creative workflow by adding an explicit sharing step. And it is ironic that the people who would know tech better are often the ones paying the highest tax.

Red Cross provides help and hope to St. Louis man displaced by May tornado

Posted on by
Reply

Steven Reason in a shelter after being misplaced from a tornado

Steven Reason is one of the many St. Louis residents displaced by the May 16th tornado that tore through the metropolitan area. He found refuge at one of the American Red Cross shelters set up immediately after the storm. He was watching a YouTube video and dozing off “when I heard the warning on my phone,” he said. “I could hear the wind blowing outside my apartment. I share his story on the Red Cross chapter blog here.

The tornado passed within a few blocks of my home, fortunately, I wasn’t affected other than a few hours without power. But thousands of my fellow St. Louisians have been rendered homeless or have other dire circumstances. Please support your local Red Cross if you don’t live in the area, and if you have the ability to volunteer your time here, contact me if you are interested in helping. There is much to be done.

CSOonline: Threat Intelligence Platforms Buyer’s Guide

Posted on by
Reply

The bedrock of a solid enterprise security program begins with the choice of an appropriate threat intelligence platform (TIP) and then to use this to design the rest of your program. Without the TIP, most security departments have no way to integrate the various component tools and develop the appropriate tactics and processes to defend their networks, servers, applications and endpoints.

What is newsworthy is that the threat universe has gotten a lot more complex and focused. For example, the Verizon VDBIR found that threats aimed at VPN and edge devices have surged to more than eight times what was reported last year.

The early TIPs were very unsophisticated products, often just cobbled together intelligence feeds of the latest exploits, with little or no details. Today’s TIP has a lot richer information, including underlying complexities and specifics about how the threat operates I talk about what some of these are in my latest post for CSOonline, along with short summaries of several TIPs from Bitsight, Cyware, Greynoise, Kela, Palo Alto Networks, Recorded Future, SilentPush and SOCRadar.