Category Archives: digital home

Where is your phone central office?

Posted on by
2

I have written before about my love affair with telephone central offices. This past week, we all now know where Nashville’s CO is located, and we mourn for the people of that city. Nashville is a city that I have been to numerous times, for fun and for business. Little did I realize as I walked among the honky tonk bars and restaurants on Second Street that I was passing by its main CO, which offers a wide range of communication services.

Like the CO that was buried by the collapse of the World Trade Center back in 2001, there was a lot of water damage from the firefighters, and the Nashville repairs were hampered by having to work around the crime scene investigators. But still, within a few days AT&T was able to get various services back up and running, including 911 and airport communications, along with wired and cellular services. The company deployed a series of portable cell towers around the region. The lines that went through this CO connected not just Nashville but areas that were in adjoining states.

This is the conundrum of the CO: in the early days of telephony, they had to be located in densely populated areas, because stringing copper lines from each termination point cost money. To shorten the lines, they had to put them near the people and businesses that they were connecting. This means that you can’t easily protect them with physical barricades a la Fort Knox (or other government buildings). Plus, there are more than 20,000 COs in the US by some estimates. That is a lot of real estate to protect or potentially relocate.

COs are also relatively easy to find, even though many of them are located in nondescript building in major urban areas. My own CO sits like Nashville’s across from a similar collection of restaurants and commercial businesses. There are websites lovingly constructed by other fans of telecom, such as this one or this one that show photos of the actual buildings (although you will have to work a bit to find their street addresses). In my blog post from 2018, I posted pictures of several COs that I have been to, including one on Long Island where I brought my high school networking class on a field trip back in 2001.

Whether or not the bomber was intentionally targeting AT&T’s CO or not, one thing is pretty clear to me: these COs are the weak points in any terror campaign. I don’t have any real solutions to offer up here, just an aching spot in my heart for the men and women that have built them and keep them running.

N.B. This is the last day of a horrible year, a year punctuated with my own personal health story that had nothing to do with Covid. I want to send out a note of thanks to all of you that took the time to send me your support, and hope that you found your own support team to help you along as well. Here is my wish that 2021 will be better for all of us, and that we can support and care for each other to make it so.

Who benefits most from Facebook: the right or the left?

Posted on by
5
What I will take away from 2020 — apart from the worldwide pandemic and my own health issues that had nothing to do with it — is how Facebook solidified its position and the primary incubator for hate groups. And despite repeated attempts to try to prove otherwise, it continues to fan the flames of hate from both sides of the political spectrum. Instead of helping free speech, it is poisoning the world with its memes and encouraging like-minded people to join in its toxic spew.
This piece by Adrienne LaFrance in the Atlantic goes further, saying that Facebook has become the embodiment of the “doomsday machine,” first made popular during the Cold War and the central plot device of Dr. Strangelove, a movie we should rewatch in this new context. “Facebook does not exist to seek truth and report it, or to improve civic health, or to hold the powerful to account,” she says. “It has the power to flip a switch and change what billions of people see online. No single machine should be able to control so many people.”
Does Facebook cater more towards the left or right of the political spectrum? Earlier this month, we were treated (if you’ll forgive me) to both Zuck and Jack Dorsey being grilled by the Senate Intelligence Committee. (Here is the coverage by the NY Times.) Half of the questions asked by the Republican Senators were about censoring conservative voices and what political parties were supported by their staffs. “Facebook and Twitter have maintained that political affiliation has no bearing on how they enforce their content moderation rules,” said the Times. I would agree: they support hate from both sides of the political spectrum.
If you examine Kevin Roose’s Top 10 list of Facebook posts on Twitter, you can see if you go back to before the election that these lists were dominated almost completely by right-wing groups. More recently it has been more evenly split right/left, but still there are days where only a couple of the top 10 are from moderate or lefty outlets. This article from October documents how Facebook routinely sets rules for content moderation, then breaks them in favor of posting right-wing viewpoints. This has resulted in an outsized reach and engagement, which eclipse more centrist or left-leaning POVs.
Going back to the summer of 2019 when there was that White House right-wing blogger summit, we saw a marked spike in their support as documented by the Washington Post.
But this issue is getting to be old news. Just this past week, Facebook put up this web page, accompanied with full-page newspaper ads claiming that they are on the side of small businesses. They are going after Apple’s attempt to eliminate tracking cookies and make your mobile activities more private. Apple has proposed a pop-up warning when it detects a cross-site cookie, with this mockup. One analysis of the conflict says this illustrates Apple and Facebook’s different approaches to privacy and whether endusers or advertisers will foot the ultimate bill. Regardless, the irony and shameless factor from both companies is too much.
I usually come to this point in my posts where I offer some suggestions. Sadly, while our Congress continues to ask the wrong questions, there are no easy ways out of this. And even though we have destroyed many of our nuclear warheads, with the billions of us fueling social media’s every moment, there are far too many silos that are distributed across the planet, ready to launch their hateful rhetoric at the push of a button.

Securing your IRS online account

Posted on by
6

It is hard to believe that it has taken the US IRS all this time to figure out a better authentication mechanism for taxpayers. But starting next month, all taxpayers can apply for an identity protection personal identification number (IP PIN) to block identity thieves from falsely claiming any tax refunds. To give you an idea of the magnitude of this problem, the IRS says several billions of dollars of phony refunds have been prevented through its half-hearted efforts to date. This includes phony refunds that are issued to taxpayers who never filed returns.

The IP PIN process used to be for high-risk taxpayers: those who have been victims of refund fraud attempts in the past. Starting next month, we can all join this party (hopefully not the victims group). They explain all of this here, which they call “secure access.”

To participate, you will need a “real” cellular phone number (vs. an IP service like Google Hangouts) and your email address. You will also need a credit card or some other financial instrument (not a debit card) to prove your identity. If you are concerned about giving your phone number to the IRS, you can substitute your postal address and they will send the confirmations that way.

The IP PIN is a six-digit code that changes annually. That is annoying — why not use Google-like authenticator smart phone app —  and to make matters more confusing, this differs from the five-digit PIN that is used during the e-filing process for your return. (When I first typed in e-filing, I didn’t use a hyphen and one of the suggestions was effing. That isn’t too far from reality. But I digress.)

Even though the IP PIN effort isn’t happening until next month, you can sign up for your IRS electronic account now.  (CORRECTION: The IRS took down the service until January, see the link in my comment.)

This will be a prerequisite for the universal IP PIN process. You’ll notice that particular link isn’t mentioned in the earlier link that explains what secure access is: Dontcha just love our gummint? Anyway, I spent about 20 minutes getting my digital ducks in order for myself and about the same time for my wife’s account. My first credit card for some reason wasn’t accepted, and the site was initially down the time I tried to sign up my wife. I was going to use my Amex card but the IRS doesn’t take that either. Eventually, both of us passed muster and created our accounts It was nice to see that we didn’t owe the IRS any money from past filings.

If this has awakened a desire to be more proactive about protecting your digital identity, Brian Krebs has a bunch of other suggestions that he calls “planting your digital flag.” They are all good ones, although if you are paranoid about your privacy you might want to think about the security tradeoffs you are making.

Book review: Tom Clancy’s Net Force Attack Protocol

Posted on by
Reply

This is the latest in a series of books written by others, in this case by Jerome Preisler. I had high hopes for this book, which is part of a series  about a new cybersecurity-enhanced Seal Team type of military commandos. This shows how good an author Clancy is, and how Preisler is just a pale imitation. Like the “Rocky” movie sequels, the book picks up where previous books end, so you really can’t realize your full value if you read it as a standalone volume. And it just ends at some random plot point, without really resolving many of the characters’ situations. Like Clancy, it is filled with jargon, weaponry, mil-speak, and plenty of explosions and gun play. Unlike Clancy, none of this really makes much sense or is essential to moving the plot along, or even mildly interesting. As someone who works in cybersecurity, I thought its treatment of the IT issues were just juvenile and superficial and didn’t draw me into the narrative or characters. Plus, the actual advanced cybersec defenders are less dependent on those macho things that shoot bullets and more on using their brains and computer skills.  If you are hungry for more Clancy, pick up one of his old classics like “Red October.” Or if you want to read a series that has much better character and plot development how an actual cybersec team works, check out this series.  In either case, you should give this Protocol a pass.

Buy the book from Amazon here.

Network Solutions blog: an IT professional’s guide to virtual events

Posted on by
Reply

You’re in your comfort zone. Maybe you’re solving problems related to IT security, network management or cloud computing. Perhaps you’re helping someone reset their password or get set up on a VPN. Whatever the task is, you feel good about it. You understand your specialty, and you like to stay focused on doing what you do best. Then, one day, someone in your organization messages you and asks you to help run a virtual conference.

Time stops. Your hand freezes on the mouse. The text cursor blinks in the reply field, counting down the seconds until you have to respond. A virtual conference? How do you even start to prepare for something like that?

It might be outside of your wheelhouse, but the truth is that IT professionals like you have a critical role to play in facilitating and troubleshooting virtual conferences. Your team needs your help to ensure the event goes smoothly. You’ll need to choose the right conferencing solution, find event management software that fits your needs and learn how to work with a production team. Then, when the big day comes, you’ll have to perform live troubleshooting to make sure it stays on track.

Download my latest eBook from Network Solutions here to learn more about best practices in supporting virtual events.

There was no hacking of our elections. Period.

Posted on by
10

I have struggled trying to write something about the underlying IT of our recent elections without making this overtly partisan or political. So here goes: there was no hacking of our ballots. We had probably the most secure election in our nation’s history. No foreign power changed any ballots. Numerous recounts verified the results. Biden won, fair and square.

Yes, the precise tabulation of votes was off by a few votes here and there. But not enough to change the overall result or who will become our next president. The states that were called for each candidate – including an early prediction by Fox News that Biden won Arizona on election night — remained unchanged.

Sunday night on 60 Minutes Chris Krebs was interviewed about his role in securing our election. Krebs ran the Cybsersecurity and Infrastructure Security Agency for DHS for several years and built up a powerhouse support team for local elections officials. If you haven’t yet watched the segment, please take the time to do so, or at least read the transcript of his interview. He makes it very clear what happened, and more importantly, what didn’t happen. The claims by our president are just pure fantasy.

Krebs reiterates the points made in this November 12th letter signed by various government election officials who have been supporting the underlying security efforts: “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Krebs wrote an op-ed for the Washington Post.

Krebs and his team put together a special website called “rumor control” that is still online. It contains FAQ about rumors and misinformation about our electoral process. We should have similar pages across all government agencies, especially in these times where facts are hard to come by. The Rand Corporation calls this truth decay and how we can’t agree on the facts anymore.

Ironically, many of these rumors were started by our president and his advisors.

Krebs was very accessible on election day, hosting a series of teleconferences with reporters every few hours. It was an odd series of briefings. I kept waiting for the ball to drop but as the day wore on, it was clear that our vote was clean. “It is just another Tuesday on the Internet,” Krebs said at one point. It was clear that he had done his job well, and we should have praised him. Instead, he was fired by a tweet a couple of weeks later.

In the process of writing about elections security for Avast’s blog, I have met and interviewed some of the computer scientists who wrote their own letter. They firmly state that claims about rigged elections “either have been unsubstantiated or are technically incoherent.” This includes allegations about the operations of one of the tech voting machine vendors: there was no wholesale transfer of votes.

Another irony: it is the abundance of paper ballot backups – and the 100M people that voted early and by mail — that made these claims false. Look at the Georgia manual recount. Yes, Georgia has had some tech problems in the past year, documented by this investigation in the Atlanta newspaper. But they ultimately pulled it together for November. Again, their final tally differs by a few votes here and there. There were some counting errors, but those were done by humans, not computers. And more importantly, they were discovered and corrected. The final tally for both candidates increased slightly. But Biden’s victory margin was tens of thousands of votes and remained intact after the recount. What is more impressive is the number of counties where the counts remained exactly the same.

Our elections – and our democracy – worked. Krebs said last night that it is “a travesty what is happening now with all these death threats to election officials. They are defending democracy. They are doing their jobs.” Here is more from another interview where he talks about these threats to a WaPost reporter.

Coping with Covid contention

Posted on by
2

With the election and the holidays approaching, you may be experiencing some conflicts with family and friends when the conversation turns to Covid. It has been a hard year for all of us, whether we are under extreme lockdown or just trying to get our kids through the school day. This post will hopefully provide some pointers on how to cope. If only things were as easy as that infamous Monty Python sketch. 

When I was seeing my own conflicts over the pandemic, I first thought to bring in a professional mediator. I’ve known June Jacobson for close to 20 years. We first met under very difficult circumstances: I was getting divorced and my (now) ex-wife and I had decided to try her rather than both hire our own lawyers. Our sessions with her didn’t work out, but June and I remained in occasional contact.

June continues to work almost exclusively with mediation for divorcing couples and has had several families who have come to her explicitly about resolving their Covid issues. Certainly Covid has changed the nature of her consultations. “Everything is happening online,” she told me in a recent call. “While it is true that people don’t have to travel, they may not have a home environment that can be private enough, especially if they have kids or other family members living with them. Spouses who are still living together sometimes have to share the same computer screen, which can require close physical proximity that may not feel comfortable or safe.”

This lack of compartmentalization has accelerated some issues with divorcing couples and these times are trying ones for couples that are nearing the end of their marriages. “More people want to get divorced now that they have been incarcerated with their spouse all this time.”  Still, the basics of mediation haven’t changed. “Usually, when a couple first comes in to see me, they need a shared agenda and a common plan. I use some tools from therapy to help with listening to each person’s point of view, and try to facilitate communication and contribute to mutual understanding.” She has a wide spectrum of training, including social work and legal degrees. “What makes mediation successful is that there are usually overriding values that enable a couple to come to the table to reach a mutually acceptable outcome. We try to focus on the future, not get stuck in the past with trying to agree on a narrative of the history of their relationship. My job is to be non-judgmental about this historical context, to understand and respect their realities, and sometimes to hold alternative versions of reality from each partner in mind.”

Part of the Covid contention is that people start out from wildly differing fact bases. Then stir in a few conspiracy theories and what you have is truly a failure to communicate. Covid has certainly made things harder for families that have to run their businesses and schools and day care all out of a house that is maybe severely space-constrained and ill-designed for these multiple purposes.

While I was talking to June, I read this NYT article by Charlie Warzel about coping with difficult family discussions. Warzel has several tips on how to interact with your family members with Covid contention:

  • Give people an understanding of their information environment
  • Create a bit of common ground and lay the foundation to explore how unproven conspiracy theories differ from reality
  • Fact-checking is valuable but don’t count on it to change someone’s beliefs
  • Don’t debate these issues on Facebook
  • Don’t be a scold — be gentle, compassionate and patient
  • Know when to walk away and try another day.

These gambits sound good in theory, but in the real world it is hard to implement them in practice. But I want to end this post on a lighter note, so I will leave you with one last link, to a clip from Lewis Black’s latest comedy routine, where he touches on this contention. The clip is NSFW but very funny. Almost as funny as the Pythons’ bit.

Book review: Mirror Man

Posted on by
Reply

At first glance, the plot line of this book seems tired: part clash of the clones, part “Total Recall” memory conflicts, part retread sci-fi mystery. But as you get drawn into the book, which concerns a pharma marketing exec who volunteers for an illegal cloning experiment, replacing himself with a clone for a year, you find out it is quite original and intriguing. The clone — and his body double who is locked away — are both carefully observed, although not as carefully as the scientists think. By the time you reach the end, you’ll have thoroughly enjoyed this book, and the combination of sci-fi and mystery is a nice balance. Highly recommended and I might have to rewatch the original Total Recall just to savor some of those memories, wholesale.

Here is an excerpt from the new Jane Gilmartin novel.

 

Cord cutting ain’t easy

Posted on by
13
For years now many tech folks have discussed cord cutting. This usually refers to eliminating the traditional cable TV provider and replacing it with one or more streaming TV services. Earlier this month I spent a week trying to eliminate AT&T Uverse cable TV service from my life. It was a dismal failure. I first tried Hulu Live TV, then YouTube TV. Both would have saved me about $75/month if they worked as promised. What I found out is that there are two general conditions that these streaming/cord-cutting services are a good fit for:
— If you just have one TV (or have all relatively recent smart TVs) and
— If you have a cooperative family that can ignore some of the usability issues.
If you have > 1 TV (or a mixture of various vintages), you will need multiple boxes or sticks or whatever add-ons to turn your older dumb TVs into smarter ones. This is because in order to fully take advantage of the streaming service of your choice, you need a good app that runs on the TV that will present the channel guide and allow you to add programs of interest. The more gear (besides the TVs) you need, the less compelling the economics and the more complex the usability issues. Not helping matters is that the services are raising their rates: YouTube TV, for example, had a big price hike over the summer. Doing my usual thing, here is what I found:
    • The UIs are just awful for the streaming services. Maybe we got used to the cable UIs over time — which wasn’t anything to crow about. YouTubeTV has the best interface, but it is the best of a bad lot. The problem is those change-resistors that I mentioned above. And it doesn’t help matters that you don’t usually have a keyboard to navigate these UIs. While it is nice that the new Google TV and some of the other devices (Like the sticks from Roku and Amazon) come with a remote, this isn’t enough.
    •  If you have a mixed collection of different TV vintages, you are probably going to be switching between the web UI and the TV app UI, which will further confound the change-resistors in your family. Exhibit A is Netflix: their web UI has been perfected over a longer time than any of their app UIs, and despite all the code development, both of them are still less than satisfying.
    • The app collection for your TV is disappointing. This isn’t like getting apps on Google Play or iTunes app stores. You are stuck with whatever is available for your particular generation of TV. I got a new TV last year, which is great for that TV, but unless you plan on upgrading all your home’s TVs you won’t be happy with the older vintage apps available.
    • One of the bigger downfalls of the streaming services is being able to easily rewind and fast forward (including through commercials). Uverse (and just about every cable TV provider) makes this easy. Every streaming service makes this a lot harder, and in some cases you can’t skip the ads (unless you buy a premium package, and then that just lets you skip some of the ads). One of the reasons why we record our favorite programs is being able to skip ALL the ads. I also found that the time of day that you watch will determine how many ads get inserted into your programming streams.
  • You need to read the fine print. Some of the streaming services have extra charges for multiple users or multiple TVs or multiple devices, to remove some of the ads, or to add additional capacity for recording your shows. A small subset of the various Hulu “add-ons” are shown in the screencap at left.
  • Finally, the TV apps don’t easily maintain channel states after the TV is turned off. When I am watching channel 5 on any of my TVs — smart or not — if I turn it off and then back on, it stays on channel 5. This is not necessarily so with the apps. With my smartest and newest Samsung TV in my living room, there is a setting on the menu that I found after much poking around to enable this. But it was purely by persistence that I found it.

So I went back to Uverse over the weekend. It was an interesting experiment, and I appreciate my wife being patient as I messed around.

Mail-in ballots are the new literacy tests

Posted on by
Reply

I was watching a fascinating movie on Amazon called All In. It documents voting suppression history in the US. While we have had various laws, including several Constitutional amendments, their implementation is mostly a local matter. Some local officials have done what they can to deny the vote over the years. For the most part, the documentary is accurate. It features numerous interviews with Stacey Abrams, who lost the Georgia governor’s race in 2018.

The movie comes at an interesting time. In my blog post for Avast this week, I summarize many of the voter suppression efforts that we have seen in the past several years, including leading up to the 2016 and 2018 national elections. There was a lot of data on suppression collected by Mueller. His report  showed that more than 3,500 ads on Facebook were placed by the Russian Internet Research Agency to try to convince potential Black voters to stay home during the 2016 elections. The same group also posted a series of anti-Muslim ads and organized concurrent protest rallies in Texas on opposite political sides. My Avast post has more details on the recent suppression efforts seen this year.

There are efforts to try to encourage everyone to vote, including a major ad spend by a new non-profit group called National Council on Election Integrity.

In the Amazon All In documentary, one person suggests the 2016 efforts should be called “Jim Crow v2.0,” referencing the pre-60s laws (and more recent changes) that made voting difficult by instituting literacy tests and poll taxes. You can see some archived examples of 1960s-era literacy tests here. These tests are almost impossible to pass, even f you have a graduate degree in American Studies.

I want to take things a step further: I think we are now in the Jim Crow v3.0 era. The new literacy test is the result of a confusing series of mail-in and absentee ballot regulations and shifting court challenges that are now happening across our country. My wife and I voted via mail-in ballots in Missouri: it took a lot of re-reading the various instructions, figuring out the steps involved, getting our ballots notarized and then mailed in. Each ballot has to be returned in a matching envelope and is tagged with a QR code that you can scan to check on its progress, to ensure that the elections board received it. (They did.) A good resource is what the Washington Post has put together that tells you when and how you can vote in your state.

But there is a subtle difference between mail-in (which anyone in Missouri can do) and absentee (which you have to certify that you aren’t going to make it to the polls). They have different deadlines and other requirements. For my Avast blog, I got to talk directly to Trevor Timmons, the CIO for the Colorado Department of State, the agency that supervises its elections. In its June 2020 primary, more than 99% of registered voters submitted mail-in ballots. Colorado is one of those “universal” mail-in states, meaning that every registered voter will receive a mail-in ballot. You can come and vote in person, but most people don’t. You can also register and vote on election day, something only a few states have.

After I had mailed in our ballots, I had a senior moment where I thought I swapped my ballot and put it in my wife’s return envelope, and vice-versa. Timmons told me that they specifically look out for these situations and still validate both ballots: “It is a common error that takes manual intervention to resolve, but it is resolved quickly.”

What about fraud with mail-in votes? If you examine this page from the Heritage Foundation, you can see their dashboard of fraud has found 1,300 cases. That sounds like a lot but not when you compare that with the hundreds of millions of votes cast. Timmons is more worried about election security, and has put a series of measures in place, such as MFA required for all election judge since 2013), applying current software patches and using other endpoint detection tools to stop malware attacks. “We have seen ransomware incidents in some of our counties that compromised other agencies. We detected them when the attacks attempted to move to the elections boards and we were able to stop their spread.”

Meanwhile, October hasn’t been without its election systems hiccups. Voter registration systems were overwhelmed in Florida. Georgia’s electronic voting machines had some issues on the first days of early in-person voting, and Virginia’s and Pennsylvania’s online registration systems were both down thanks to a construction crew cutting a fiber cable and a systems crash in a data center, respectively.