In praise of cheat sheets

While my days of being in engineering school are in the paleolithic era, I do remember a fondness for cheat sheets, especially when it came time to cram for exams. I was recently reminded of this while watching a movie about NASA’s mission control doings during the Apollo era. On the screen flashed the following handwritten cheat sheet, to be used when one of the spacecraft computers was showing a particular alarm code. I believe it was compiled by Jack Garman.

This struck me as fortuitous — as some of you might remember, when the Eagle lunar module from Apollo 11 was making its descent to the surface of the moon, it had set off a 1202 error code. The engineers had experienced this code in previous simulations, and within seconds were able to tell Armstrong and Aldrin to just ignore it and carry on: the code indicated that the computer was being overwhelmed with inputs. Given that the computer had the processing power of today’s coffee pots (1 MHz processor with 150 kb of RAM), it wasn’t a show-stopper.

But it also struck me as somewhat amusing too. Here is NASA, spending billions of dollars inventing all this technology, and the success and failure of the first moon landing came down to some engineer putting this one-pager together that saved the day. Garman had memorized these error codes and was able to quickly respond to the flight controllers that the landing could continue.

If you want to read more about the circumstances around the moon landing, check out what I wrote about in 2009. There are some links to interesting web pages that show simulators for the guidance computers and also a real-time video and audio of the entire mission.

If you want to see some good examples of the cheat sheet genre, Peter Nikilow has collected hundreds of them on his Pinterest account. If you have your own favorites, put a link in the comments and say what makes it so.

Tech innovations we owe to HotOrNot

Nineteen years ago, I taught a high school computer networking class for ten boys. It was my first time in a classroom, which had a live network and Internet connection using a bunch of Windows 95 computers, hard wired via Ethernet. We had some fun times with the class, which lasted all year, and I am still in touch with many of the students today. I can’t imagine trying to teach a class like that via Zoom, but that isn’t why I am writing about the experience.

One of the more memorable moments was when some of the kids posted my picture on HotOrNot.com, a new website that just celebrated its 20th anniversary and got some mention in Mashable here. I would urge you to read the entire story, even if you are in a stable relationship and don’t have any use for dating or matching sites. The story notes the many places where HotOrNot was ahead of its time, and laid the foundation for many of the web technologies we have come to know and love today. For example, the site connected online and offline social interaction in new and useful ways. Now we take this kind of connection for granted. Some other ground-breaking things:

  • Gamified ratings of each participant’s photo, now enshrined in Likes and up-votes across all the social media platforms.
  • Word-of-mouth traction: traffic doubled every few hours in its first weeks. In the piece there is this charming story about how UC Berkeley engineers figured out the extra traffic was coming from one of their servers that had been connected without approval on the campus network.
  • They very quickly put in place a subscription model and became cash-positive by using auto-renewing subscriptions. That was a rarity then but now is so commonplace that you would be hard-pressed to find a website that doesn’t do this.
  • Outlandish promotional billboards. They put up one with the two founders mostly naked, strategically covered by their laptops with low scores. The founders were nerds, after all. This is way before Oracle and numerous other tech companies used similar tactics, not to mention every airport ad ever used by a tech vendor. Remember airport ads?
  • Something not seen currently was a series of anti-bullying measures, including great take-down response time if someone complained about their photo. It has taken many tech companies far too long to figure this out.
  • A real tagline: keeping the site “fun, clean and real.” Unlike other taglines (don’t be evil, say), they actually meant it and ran their company accordingly.
  • Eliminate needless clicks: when it was first conceived, there was a “click to submit” button. That was eliminated.
  • Virtual goods purchased through real money, typically with Western currencies that could retain their buying power if they lived in other parts of the world. Now we have Bitcoin. Not sure that is progress.
  • Mutual opt-in messaging, a precursor to what many subscription and dating sites do, and the model behind Twitter’s DMs.
  • Inclusive dating to the same-sex world. While not as inclusive as today’s alphabet soup of non-binary genders, it was still innovative in moving beyond hetero norms.
  • Speaking of gender, HoN also had several female managers way before it became a cause. Again, this has taken way too long to implement.

FIR B2B podcast episode #142: Why B2B marketers should care about “The Social Dilemma”

The movie The Social Dilemma is now streaming on Netflix. It’s been widely reviewed, and most of the reviews are positive. (You can read my review for the Avast blog here.) It combines documentary-style interviews with leading minds formerly at Facebook, Twitter, Uber, Instagram and so on, along with star turns from Shoshana Zuboff, Jaron Lanier and Renee Diresta. The thesis is that the social giants have sold us and our data down the river, and we now are stuck with the results.

Paul Gillin and I discuss the wider implications about the movie for B2B marketers, particularly for the tech world that we both know so well. While neither of us learned anything new, the movie does portray a dark and dangerous situation developing. We feel that the time has come for advertisers to band together to acknowledge that this is a problem, to fight platforms’ tacit support for conspiracies and hate speech and to educate the public about how to be careful in their own consumption of social media posts and misinformation. There are several privacy suggestions in both the ending credits of the movie and on David’s post that could be starting places for a discussion.

Earlier this summer a group of advertisers banded together to boycott Facebook. The NY Times wrote about the results here. Basically, while many advertisers went dark, most of them came back in August. The revenue impact on Facebook wasn’t significant and many smaller businesses really have no choice but to use the platform.

We’d love to hear from you with other suggestions on how we can work together to improve the social media landscape. You can listen here for our podcast commentary about the movie.

What is QAnon and why should you care?

I am not a big fan of conspiracy theories. As my wife has suggested, this practical reason makes more sense to me: the number of folks that have to be in on the secret has to be a very large number. It is far easier to just explain the “theory” as baloney.

Let’s talk about one of the biggest conspiracies sweeping the world right now, QAnon. Its adherents are a very scary bunch. It has gotten so popular that now they have hijacked what were normally causes for good, such as using the #SaveTheChildren hashtag (as explained by the NY Times) to organize and recruit new members. They are so popular that a software development conference with a similar name has received registrations from people who can’t code. Last summer the FBI identified QAnon as a potential domestic terrorism threat, linking the group to the Tree of Life shooter.

“QAnon is a baseless internet conspiracy theory whose followers believe that a cabal of Satan-worshipping Democrats, Hollywood celebrities and billionaires runs the world while engaging in pedophilia, human trafficking and the harvesting of a supposedly life-extending chemical from the blood of abused children,” wrote The Guardian in a post earlier this summer. If you recall the whole PizzaGate fiasco a few years ago, that was their heretofore most infamous moment. (You can find references to that on your own.)

I will give you a lay of their landscape, and assure you that my hyperlinks go to legit sources that hopefully won’t amplify their messages of hate. And they have nothing to do with the delightful musical referenced in this image here.

Their membership, from various accounts, appears to be catching on. There are dozens of Republican congressional and local races with avowed QAnon supporters, including a couple running in safe districts that will most likely get elected. That is pretty depressing. One reason for their popularity is social media, which makes it easy for potential members to find like-minded individuals in their area to connect with. Facebook banned many QAnon groups in mid-August. When Twitter took similar action in July, it limited reposting features for approximately 150,000 accounts and banned more than 7,000 accounts outright.

But here’s the problem: banning this reprehensible speech isn’t the best solution. Unlike the “shouting fire in a crowded theater” (not that any theater right now is even close to crowded), these groups aren’t so easily silenced or adjudicated in a courtroom. The problem with an outright ban is that this almost always encourages the QAnon supporters to find other places to post their garbage and attract new followers. What is needed is to leave the original post (usually a video) and attach a piece debunking their claims. What Twitter did was to also downrank the Tweet and prevent any reposting. “This creates one location that can be used to offer debunking content, both as a pre-roll on the video and in the recommended next videos,” says Renee Diresta here. She goes into more detail in a Wired piece where she documents the path that many conspiracy adherents take, calling them Cult 2.0. She writes, “The social platforms are still behaving as if they don’t understand the dynamics at play.”

Sadly, our cancel culture has made the problem worse. We need to operate with a more granular mindset if we want to prevent these hate groups from spreading. It is too bad that Facebook can’t seem to figure this out.

Avast blog movie review: The Social Dilemma

Earlier this month, Netflix started streaming the movie The Social Dilemma. It was first screened at Sundance earlier this year, and now is widely available. Since its release, it has been widely reviewed.

The film combines documentary-style interviews with leading nerds behind Facebook, Twitter, Uber, Instagram, etc. along with star turns from Shoshana Zuboff, Jaron Lanier and Renee Diresta. The thesis is that the social giants have sold us and our data down the river, and we now are stuck with them. The New York Times review is mostly positive, saying the interview subjects are “conscientious defectors from these companies who explain that the perniciousness of social networking platforms is a feature, not a bug.” The best interview subject is Tristan Harris, a former design ethicist at Google who now runs a non-profit called the Center for Humane Technology.

You can read my extensive review of the film on the Avast blog here. The film could be one small step to help understand the role that social media plays in our lives. It could also help start some conversations with the less tech-savvy family members and friends.

You can also listen to my podcast as Paul Gillin and I discuss our reactions to the movie and what B2B marketers can take away from it.

Congradulations: you have been phished!

Phishing scams abound, if my own personal situation is any indication. This past weekend, I received two text messages — technically this is smishing or SMS phishing, but still. One looked like this (don’t worry, it is just a screencap):

You’ll notice a couple of tells. First is that it is addressed to me by name. Usually, when my close friends and family send me texts, they don’t include my name. And the fact that a phisher knew my name is a bit concerning. The other is that it contains an active link, just waiting to be clicked on.

I got another text that was slightly less salacious, as you can see to the left. Again, my name is mentioned. Because of the subject, it is more insidious — now that we are ordering almost everything online the packages are coming to our doors in droves. But note this one tell — the package was mailed back in April. Granted, things are slowing down somewhat over at the USPS, but still.

The FCC has issued this warning about smishing with several illustrations. And the crooks are getting more clever, with this case described by Brian Krebs on how one criminal combined smishing with using a cardless ATM transaction (meaning just using a mobile phone for withdrawals) to steal funds from victims’ accounts.

Corporate security folks are trying to get ahead of the attackers, and many regularly conduct phishing simulation or training exercises. Sometimes these misfire. The WaPost reported on a recent phishing training exercise that was completely misguided. The Tribune Co. sent around a message with “Congradulations, executives!!” in the subject line (hence my usage in today’s essay title). The email promises bonuses to come, if only the staffer would click on the enclosed link. Yes, the deliberate mistakes (spelling and duplicate exclamations) and the embedded link should be the tells that something is amiss. Whether you think this insensitive (given the number of layoffs in this industry) or just plain dumb, it still was a poor choice to demonstrate and train users. While it is true that potential phishing messages do use this particular lure, the Trib IT department should have known better.

Smishing isn’t the only lure used by hackers of course. Ironscales has compiled a collection of fake login pages that try to fool people into thinking they are authenticating their AT&T, Apple, Bank of America and more than a dozen other accounts. Their research has shown there are thousands of these fake login pages circulating around online. Ironically, the email from their PR department announcing this research was flagged by Google as risky, warning me not to click.

So here are a few pointers on how to prevent these types of attacks.

Don’t respond to any calls to action you get via texts or emails. Think before you click on the links or call the phone number listed. Better yet, don’t respond or click or call. This includes sending back a “Stop” text message. Just hit the delete key.

If you feel you have to respond, do it out of band. Go to the Fedex website directly and track your package that way. Call your bank directly to see if you have a fraud alert. Here is a Tweet stream that shows the lengths that one person went through to research and vet one text. My wife got a phishing email recently and did exactly that to find out it wasn’t genuine. 

Finally, is something out of character? Is this a text or email out of the blue from some long-lost correspondent? Or does it contain (one or more) simple grammatical errors?  Or is an offer of money too good to be true? That is because it isn’t. Do you really think the IRS or Social Security Administration sends you texts? News flash: they don’t.

Back to college, Covid-style

As most of you know by now, I live in St. Louis. This is midway between two major rival state schools, in Columbia (Mizzou) and the University of Illinois at Urbana-Champaign. The two schools have markedly different Covid testing policies this semester. I will get to that in a moment, but first, take a look at this dashboard developed by the College Crisis Initiative:

You can see the focus in my metropolitan area of each school and the various policies that have been adopted, ranging from full in-person classes to all-online instruction and various in-between choices. There is a lot of variation among the colleges and universities just on this small portion of the map. This reflects the variation of policies about the pandemic. In my region, we have different policies for mask wearing: a county just south of the city went from masks highly recommended to required to revoking the requirement, all within 24 hours. Such is the toxic mixture of politics and public health, with emphasis quite literally on toxic.

It is certainly a confusing time to be attending college. Mizzou is using a hybrid model: some in-person classes and some online. Each school’s dean makes their own decision. Students are required to report positive tests to the campus health department.

Illinois has gone whole-school testing. They aim to test everyone (including staff and faculty) twice a week, whether or not they show symptoms. They are doing thousands of free tests daily, using a new saliva-based protocol that was developed internally (Yale and the NBA are also doing something similar), with results available in minutes. Students receive results on an app on their phones, which allow them access to classrooms if they test negative. Interestingly, most of their classes are being held online, even though students are living on campus. All this planning didn’t help: students still went to parties and got infected.

Some schools, such as Notre Dame, began their semesters with plans for all in-person but got spikes in infections and then paused these classes to do more testing. The cause appeared to be a combination of large on-campus gatherings of non-mask wearers and two off-campus parties attended by biz school students. I guess the students took to their mirroring of adult life very faithfully.

An example of what shouldn’t be done is Albion College in Michigan. Ironically, it has academic programs to train contact trackers to be hired by health agencies. Last month Zack Whittaker at TechCrunch wrote about a new Covid tracking app from Aura that is being deployed at the college. The app is mandatory for all students and tracks their real-time locations.

If you think you have already heard about Aura, there is another product with this name that is a mood tracker for the Apple Watch. There is also the Oura ring which is another health and activity monitor. But the Albion Aura app is a problem. Like at Urbana, students need to use the app to gain entry to classrooms. If students uninstall the app or don’t share their location with the app, they could be suspended. Its first release contained rookie security errors, one of which was found by one of the college’s compsci students. There is a long list of FAQs on the college website. I was more confused reading the entries and I can’t imagine what students and parents at Albion might think.

Clearly, we are all feeling our way through these trying times. And the Mizzou link above will take you to a SciAm piece that compares strategies at other schools. If you have a college student in your family, do share your own reactions here about your own perspective.

Avast blog: An elections security progress report

Twelve Tuesdays from today, the US national elections will take place, and infosec professionals are doing their best to adapt to changing circumstances brought on by both the pandemic and the tense cyber-politics surrounding them. More states are expanding mail-in voting and planning the necessary infrastructure to distribute and process paper ballots. State elections officials are also deploying better security measures, banding together to form the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Membership in the information sharing and analysis center has grown considerably since the 2018 election.

In this blog post for Avast, I review what is going on with election security since we last covered the topic during the March primaries. There have been numerous events in the past week that have brought new context to the intersection of technology and our elections. And I also mention several presentations given at Black Hat and DEFCON that bring us up to date on what is happening with election security.

If you are unemployed, start rebuilding your personal brand

I am very fortunate: I have worked for myself for decades and have a great collection of clients that keep me busy with plenty of freelance writing assignments. But because our economy is in rough shape, there are lots of folks who are out of work right now. This made me think back to the time in 2006 when I got fired from my last full-time gig, running the editorial operations of the various Tom’s Hardware websites.

It wasn’t the first time I went to work and was told to pack up my things and leave that same day. It is a horrible feeling: you think you are worthless, that you will never work again. That you have failed. I was scared that I wouldn’t be able to make my mortgage payments. I had moved across the country to take that job, and now what was I going to do?

Unlike the astronauts, failure is an option. I wrote about this many years ago, where I described some of my numerous failures in my career, such as my books that didn’t sell or websites that weren’t successful at attracting interest.

I thought of this because I am reading an interesting book by Lauren Herring, Take Control Over Your Job Search. It is all about helping you to find a new job — not that I need to or want to make changes to my current situation mind you. I am very happy with being a full-time freelancer, and thankful that I can work for such great clients. But if you are less fortunate, or if you know someone who has gotten stuck with unemployment, this book might be worth picking up. Lauren is the CEO of a coaching/recruitment firm here in St. Louis.

Sure, there are a lot of job-search books out there. This book has some intersections with three sources: that seminal job searching book What Color is Your Parachute, Elisabeth Kubler-Ross’ stages of grief and the mindfulness work by Jon Kabat-Zinn. But what I found interesting in Herring’s book is that she addresses the biggest issue of today’s unemployed: your emotional state of mind. Yes, you can fill out all of the Parachute’s exercises and have a sparkling resume. You can meditate daily and figure out whether you are in denial or still bargaining with your newfound unemployment. But if you approach your virtual interviews with a lack of confidence, or too much confidence, or can’t even leave your house without a boatload of fear, you won’t get anywhere. “The ability to notice, understand, and process your emotions is more critical to success and happiness today more than ever before,” she writes.

Herring describes how to respond to ten different emotions (that’s the multi-step Kubler-Ross stuff) of grief, anger, and frustration with ways to respond to them and Parachute-style exercises to get you to discover your own state of mind and ways that you can move through the paralysis towards more positive outcomes (a la mindfulness). Along the way you will be using a group of what she calls your “super team” of supporters to help you role play and arrive at better outcomes and write journal entries of your reactions. “The goal of this book is to replicate the live experience of working with a career coach as best as possible,” she writes.

Take fear, for example. To fight it, she cites several case studies of the jobless that she or her company has coached. “Potential employers can sense your fear about your job search,” which as you might imagine doesn’t bode well to get callbacks or offers. And if you find yourself taking rejection personally and feeling resentful, you need to reset these feelings. For example, you should do some research and find out if you have your facts straight.

One of the more interesting aspects is shaping your personal brand, which is something that I have written about several times, and part of some of my own career coaching presentations. Your brand needs to come through in all your digital elements: LinkedIn profile, your resume and so forth. “This is one of the most uplifting tactics you can do during your job search,” she writes, and a good way to counter some of the negative emotions you are experiencing. Being clear on your brand is a great way to define your next job, and to ensure that your performance once you get that job will measure up to the expectations of you and your manager too. It is great advice for folks who have jobs and want to move ahead too.

One missing element from this book is some specific strategies in these times when we are working from home. While some of her methods can be easily modified and she does mention things like virtual interviews, I think the topic deserves its own special chapter. Perhaps she’ll include this on her website as a supplement.

Avast blog: How to use multi-factor authentication for safer apps

Multi-factor authentication (MFA) means using something else besides your password to gain access to your account. There are many ways to do this – some, such as texting a one-time PIN to your phone are less secure than others, such as using a $25 Google Titan security key (shown here) or the free Authy/Twilio smartphone app. The idea is that if your password is compromised (such as a reused one that has been already leaked in another breach), your account is still secure because you have this additional secret to gain access. Is MFA slightly inconvenient and does it require some additional effort to log in? Typically, yes.

After the Twitter hacks of last month, I took some time to review my own security settings, and found them lacking. This just shows you that security is a journey, and you have to spend the time to make it better.

I go into more details about how to best use MFA to make your social media accounts better protected, and you can read my blog post for Avast here for the step-by-step instructions.