You no doubt have had a package stolen from your front porch or know someone who has experienced this. And thanks to Covid, we are all using delivery services more often, which just increases the market size for porch pirates, as they are called.

The pirates are getting some pushback thanks to tech. First came the video-streaming door cameras (like Ring, now part of Amazon) that could capture them and report them to authorities. That made a small dent in their operations. But a better solution is happening in Singapore.

If you live there, for the last several years you can have your packages delivered to one of now 1,000 public lockers that are all over the island. If you have ever used the lockers that Amazon has at Whole Foods or one of its other storefronts, you get the idea. It is a wall of lockers of various sizes with a computer controlling access. Once you authenticate yourself, a door opens and the package is revealed. The lockers are built and operated by Pick Network and are called the Locker Alliance Network (which sounds vaguely Terminator-ish but let’s move on). You choose the locker installation nearest to your home or office or wherever you happen to be, and the delivery company will get the package there. On the company’s website, you can locate the nearest locker and you can see by the map how dense they are spread around the country.

To give you some sense of scale, Singapore is a very densely settled area about half the size of Rhode Island but with five times its population. I spoke at a conference there back in 1998, and was amazed at its diversity of languages and culture: fortunately for me, almost everyone these days is educated in English. It is very modern and apart from the signs in Chinese characters, you could have been in any major downtown city. Back then their freeways had one of the first open road toll collectors (meaning no booths that were designed for variable congestion pricing and no slowing down), something that took a while to show up elsewhere in the world.

It isn’t completely one humongous city like Hong Kong, but the density it does have makes something like the locker network functional. Pick claims lockers are within walking distance for most people. You can also drop off packages at the lockers, again like what we can do at Whole Foods.

Having a “last mile” solution is significant in that it has other benefits: there are fewer delivery vans tying up the roads, and less carbon consumption too. BTW, don’t you hate that term? How else should we refer to the contact with customers — maybe “first mile!” You get my point. And it is an open network, meaning (unlike Amazon), any delivery company can integrate with their own systems.

According to this article in the local newspaper, usage was initially slow but seems to have caught on, at least given by the increasing size of the locker network. It helps that Pick is federally funded. The delivery companies saw major increases in their own productivity, the story reported, although not clear how this was calculated.

I am by nature a curious person. I spend a lot of time trying to answer questions, which is why I love my job and what has contributed to my success as a tech journalist. One term that was popular was “life-long learner” (as I wrote about this term in relation to my non-retirement strategy back in 2021) but I think curiosity is a better description. I noticed that many analysts looking at our AI-enabled future have called attention to this skill as something we will need to cultivate and develop. So in this post, I want to examine what it will take to train folks to become more curious.

Before you do any formal training, it helps to understand what type of learner that you are. We all learn in different ways: some of us have to go through the actual experience — these people respond better to tactile situations. Others learn better through more visual or auditory cues and need materials specializing in these methods.

How do you figure this out? One way is to take this short online quiz to find out which style you are. Once armed with this data, you should focus your attention on situations that offer those types of materials so you can learn things your way and retain it better. For example, if you are an auditory learner, you may wish to listen to recorded lectures or presentations. This is a boon for online webinars, where you can stop, rewind, and replay the key portions. In some cases, you might want to take notes, or recite what was just said to fix the concepts in your mind.

If you are more of a visual learner, then by all means be sure that you look carefully at the study materials. Use charts, maps, movies, notes and flashcards. Practice visualizing or picturing words/concepts in your mind. Finally, if you are a tactile learner, think about ways that you can involve more of your senses besides just watching a particular lecture. Make study sheets and refer to them often.

But knowing how you learn is just one part of your journey. Next comes having the right motivations. I have been lucky to be a self-starter and get myself motivated, whether that involves writing one of these essays or tackling a more in-depth project. Sometimes, just seeking knowledge isn’t enough. If you’re not that motivated to learn, find someone who’s also interested in becoming more curious. That link will take you to other suggestions on how to become more curious. Here is another resource, posted on the site Natural Training, which describes the ten most common habits of curious people. Things like listening without judging, willing to be wrong, and staying in the moment are all important skills to acquire.

I was thinking about this when I read something that Naomi Wu, a Chinese maker, said recently about how the education of Asian students has to change. “The key skill- prompting, asking questions. Is something our kids are generally not taught and are often quite poor at. I’d even say it’s discouraged. The ability to ask good questions becomes incredibly important with AI.” I saw this first-hand when I gave lectures in Singapore and Japan years ago: I had to seed the audience with someone who was willing to ask the first question to break the ice.

Longtime freelancing colleague Pam Baker’s forthcoming book on ChatGPT, has more tips on how to become an expert at using these tools. She told me, “Many worry that ChatGPT will erode the critical thinking skills of users. But that’s not likely because the most successful users will employ advanced critical thinking skills in forming prompts. The key is not in what you say to the machine, but in how you say it.” She tells me she is also putting together classes on LinkedIn Learning on the topic too.

I was thinking how fortunate I have been in my job as a freelance journalist. I have been able to to call up all sorts of people and ask them questions about their lives and jobs, as I wrote about ten years ago when I described two of my sources in this blog post on how to question everything. The two people had an insatiable curiosity for the unknown, to be constantly learning something new, and figuring out how the world works. While that extreme case of hyper-curiosity might not be your cup of tea, it might make you more motivated to become more curious about something.

Last week Shou Chew, the CEO of the American TikTok, was called on the US House hearing room carpet. Combining the current anti-China paranoia with social media crimes against teenagers was a potent political mix that brought a tremendous amount of bipartisan angst. The five hour hearing was attended by seemingly the entire House membership, and for me it was noteworthy in that almost none of the members were folks that I have ever heard of, but all managed to ask unanswerable questions that they demanded simple yes or no answers so they could save time for their own take.

The best commentary was Jimmy Kimmel who simulated what the app does on his show (shown here at right). More insights from Casey Newton here.

Also last week, Utah became the first state to place legal restrictions on social media usage by children (<18).  This law goes into effect in a year; we’ll see how they will enforce it, which will be difficult. TikTok seems to be included in its framework, although Google might not be (there is an exemption for online emails, so Gmail might not apply but YouTube might be covered).

The hearing wasn’t a total time waster. In addition to getting acquainted with our Congress (a couple of whom actually have had tech jobs, interestingly), it also brought to the public’s attention a few reports that I will highlight here. But what I saw was that America will probably join others in some form of ban, whether it be just for the government employees (as the US has done, as have the UK and France did last week) or something that is contemplated by other bills that are making their way through Congress.

Second best commentary was by security maven Bruce Schneier, who wrote last month  “There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. If we want to address the real problem, we need to enact serious privacy laws, not security theater, to stop our data from being collected, analyzed, and sold—by anyone.” He explored on the blog various kinds of bans, all of which would be ineffective or place Chinese-style restrictions across our internet. That message was lost on Congress, sadly. The UK ban is ineffective if you use your own Wifi or data provider, for example.

The relationship between TikTok and its parent company was explored in detail in this report done for the Australian Senate and released earlier this month. This was cited several times by various Congress members. The research found that ByteDance should be considered as a hybrid state/private entity, collaborating closely with the government on its operations. Chew made an effort to show TikTok’s independence from its parent and the Chinese Communist Party (CCP), an effort that fell on deaf ears and “didn’t pass the smell test” as one member said. The report looked closely at two days’ worth of content last November and compared the depictions of the CCP across TikTok when compared with what was posted on Twitter, Instagram and YouTube. While the researchers couldn’t assess the cause, they did find both Twitter and TikTok had more pro-CCP content than YouTube or Instagram.

Another issue is how TikTok tracks users across the internet. Consumer Reports did a report last fall that found hundreds of organizations sharing data with TikTok using tracking pixels and other canvas fingerprinting techniques. Before you sound any alarms, these are common for Facebook, Google, and numerous commercial websites, and TikTok’s tracking efforts are a small fraction of what these other companies do. Still Chew’s answers were less than satisfying in this area.

Much was made about the differences between the TikTok app we use in the USA versus the ByteDance app called Douyin that is only available in China. The excellent Citizen Lab issued a report last year that examined what data leaks from both apps. Not surprisingly, the Chinese app had more potential security and privacy issues, although the researchers said neither app had any noticeable malware characteristics.

So let’s answer some questions.

Is the TikTok app spying on its users? Not according to Citizen Lab and other security analysts. Could it become weaponized? Sure. But so could any other phone app.

What else should the government ban on its own phones? Well, if you are going to ban TikTok, how about deleting dozens of other apps that collect private data too? That is what France just did, or is trying to do. Good luck with that.

Will selling the company accomplish anything? Not really, other than improved optics. Look no further than Facebook to show misuse of data by a wholly-owned American company. Ownership doesn’t mean total control.

What about the Oracle Cloud migration? TikTok is making a big effort towards migrating its servers to the Oracle Cloud, and promises to keep all US data on these servers eventually. That clearly comes under the heading of “security theater,” since these servers can still transmit anything back to their Chinese parent company. Chew made a big deal about the Oracle project, but what he neglected to say is that any third-party code audit would be nearly impossible, since the servers started out in a pristine “bare metal” state and TikTok could put anything on them. I am not sure what is accomplished here other than having better app latency for US users. Again, a lot of effort to improve optics, but not much else.

“There may be nothing I’ve seen wreck the careers of high-performing, hardworking people more commonly than stepping into a manager role the person isn’t ready for,” tweeted Kieran Snyder earlier this month. The CEO of linguistic analysis firm Textio then follows up this with some very cogent remarks about knowing when to take that leap into management that really resonated with me.

This is because I faced a similar circumstance in my own career back in 1990, when I took the job to run Network Computing, a brand new computer publication. I have often mentioned that decision as a pivot point in my professional life in these essays, At that time, I was managing a group of about a dozen editors for PC Week — and this would be a big promotion to running an entire publication, hiring its entire staff, and learning how to get the magazine from words to a coherent whole. It shaped the rest of my career, to be sure.

I also addressed this topic a couple of years ago in this post about whether super coders should take the next step into management. It is worth reviewing that piece and listening to a discussion with Jaya Baloo and Troy Hunt on the subject.

Snyder lays out four important questions you need to ask yourself whether or not you are ready:

1. Can you communicate complex expectations clearly? And behind this question is also holding people accountable — and avoiding eventual disappointments — for these expectations too. Even when you know this, it is still hard to achieve. “This is an issue I have faced, and often management fails to set clear expectations,” said Alan Elmont, who has been a recruiter and staffing professional for decades. “This has been particularly an issue with small companies or mid-sized companies that are growing too quickly.”
2. Can you engage and mange conflicts well? Being fair in these fights is more important that being well-liked.
3. Where do you fit in the scale between being a hero and being predictable? “Managers mostly do hero work to compensate when their team isn’t delivering,” she says. That could be caused by a variety of failures, such as unclear feedback or expectations or poor solutions delivery — or a combination.
4. Finally, do you have the right combination of technical skills and a solid functional foundation to properly lead your team? That is a tough one to dispassionately assess, either by yourself or with your prospective hiring manager.

Now let me take another moment from my career when I got a job to run another publication. It was a major failure, and because I couldn’t do any of the first three things that Snyder mentioned above. I barely lasted a year there before being fired. I should have spent more time understanding the lay of the landscape and the management style of my eventual boss. Now, this happened years after my Network Computing anecdote, so you would think being older and more experienced I would have spotted the danger signs. But no, I was too caught up in the thrill of being chased for a new job. Live and learn.

While on the topic of career development, I had an opportunity to talk to a group of mid-career folks who are considering jobs in cybersecurity this week. You can see my slides below, and some of the issues that we discussed.

If you are incarcerated, either in a local jail or a state or federal prison, chances are you are paying too much for your phone calls, in some cases more than 10x what a landline call from the outside would cost. While these rates are regulated by the FCC, the regulations aren’t comprehensive and the prison and jail providers have come up with various ways to soak inmates, paying high commissions to the local authorities. A recent report by the Prison Policy Initiative goes into details. “At a time when the cost of a typical phone call is approaching zero, a few companies are charging millions of consumers — the families of people in prison — outlandish prices to stay in touch with their incarcerated loved ones.” Although a few jails have reasonable rates such as one or two cents per minute for calls, most charge more, with the average jail charging $3 for a 15-minute call.

These calls are made on pre-paid phone cards, which have largely replaced the collect calls that were once the mainstay of the prison population’s communications. Remember dialing 0 to get the operator? That is no longer an option as of this year for non-landline AT&T customers. Sadly, this means few people will remember Ernestine, that lovable character by Tomlin.

The PPI report shows which states have the most egregious phone plans, how rates have dropped as the FCC widened its enforcement, the differences between local and long-distance rates and how local jails in general charge more than the state and federal prisons. It shows the oligarchy involved: three phone vendors (ViaPath, ICSolutions and Securus account for 88% of the suppliers to prisons and jails). And it offers some solutions and improvements to make these calls more affordable.

But until things change, these prices could be why many people behind bars have obtained contraband cell phones. While there are some jails and prisons that do allow them, for the most part they are banned. There are some good reasons to prohibit them as you might imagine. But there are also some good reasons why people use them.

A story last month by the Marshall Project, a criminal justice advocacy group, describes many situations where inmates have used cell phones for furthering their education, obtaining medical care, and making money from various legit online activities. One prisoner interviewed for the article has a website for selling his artwork, others are day traders in stocks or cryptocurrencies or are freelance writers. Working remotely has been a boon for these sorts of things, which I find interesting.

The best situation was a group of 300 across the country that was learning computer programming using Harvard’s CS50 online classes. They use group messaging to communicate with each other, just like any other online class. We have several groups doing this here in St. Louis as part of our coding academies.

As I said, these stories are nice but still inmates run the risk of having extended sentences or other punishments. Years ago I gave a speech in Singapore. I recall a news story while I was there where an inmate was caught with a cellphone, he was there because of what we would consider a minor offense. His sentence was changed to life in prison as a result.

I asked last November if we were witnessing the end of Twitter, and point out that the company has become more town dump than town square. Let’s review what has happened at Twitter and what we have learned about its internal operations since then. The short answer: things are worse, but not necessarily in ways that were anticipated when Elon took the company private.

Yes, there have been some notable service outages, which is to be expected given how most of its engineering staff has quit or been fired over the past several months and because one of its major data centers was shuttered. But for the most part, the service is still running. That’s great, and we could credit Elon for perhaps picking the right people to keep the lights on. (This is why I use the “supposed” adjective in the title of this piece.)

There is this behind-the-scene story about what has happened post-Elon at Twitter in New York Magazine, taken from reporting from former employees’ interviews, and well worth reading. In summary, it was complete chaos. There is also another Washington Post piece that summarizes three primary source documents: First is the Jan.6th committee’s “Purple team report” draft that was never adopted by the full committee (and that the Post has published here.) The other two documents are transcripts of testimony of two former Twitter staffers taken by the committee last fall: one by “J Johnson” (a pseudonym) who was an engineer and part of a safety policy review team and one by Anika Navaroli who was a senior safety policy domain specialist with a legal and free speech background. I will return to these documents in a moment.

One of Elon’s major rallying cries has been to attempt to neutralize the bots. This isn’t a new problem: I first wrote about the problem with bots and their abuses of Twitter more than 10 years ago. I saw my own follower count plummet right after his takeover – whether that was people terminating their own accounts or through any bot cleansing I can’t really say. Clearly, this was never much of a priority at Twitter beforehand.

Another Elon focus was to reinstate previously banned users, most notably our former president who had nearly 88M followers when he was kicked off on January 8, 2021. Part of the reinstatement is that you can now review all his tweets — he has not posted anything since his reinstatement. (There is also this archive of his entire tweet corpus, including deleted tweets for your own reference.)

Before I dive into the Jan. 6 documents, I should mention one other historical note. Last summer, after the revelations of Mudge’s tenure at the company, I wrote about some of its major infosec operational failures. Ironically, Mudge was fired in January 2022 for poor performance and ineffective leadership, something which seems to be the new normal for post-Elon Twitter.

The Mudge report provides context for the great failures of social media to moderate their most dangerous and hateful content, which is documented in the Jan. 6 committee’s Purple team report which outlines these failures as it relates to that fateful date at the Capitol. The draft document was supposed to be included as an appendix to the full committee report but only made it as far as a draft. It covers more than a dozen different social media properties and how they wrestled with their content moderation policies, “terrified of the backlash they would get if they followed their own rules and applied them to Trump,” as Johnson testified. “My safety policy team colleagues were still very unclear about what we should be doing. Twitter leadership were aware of the risks we raised, but they didn’t do anything to help address those risks and concerns. They were reluctant to intervene and block these tweets.” Instead, the social networks helped amplify these messages. The Purple draft report shows just how hard it is to turn this around: the tools are blunt-force instruments at best.

Using language such as “locked and loaded” or “Be there, it will be wild” or the debate comment “stand back and stand by” concerned the moderation teams, who consistently raised alarms at how these words were being amplified across their network. Johnson testified: “There was never, to my knowledge, leadership convening a meeting and saying, Violence has broken out. You have the green light to take it all down. That never happened.”

Navaroli testified: “I do not remember ever seeing any threat model or threat analysis leading up to the election. Del Harvey was the executive in charge of Twitter’s content moderation and security teams. Navaroli said Harvey didn’t understand the need for policies to limit Trump’s speech, or the urgency to put them in place prior to the election of Nov. 2020, or that there was a gap in coverage of existing Twitter policies. Navaroli called it magical thinking, and that Harvey refused to take any potential threats seriously. This continued into 2021, when she eventually left the company.

Her testimony highlights the lack of any content analysis tools at Twitter: she used the same public search function on Twitter’s website like any of us. “All we had were hammers, and we needed scalpels, something more nuanced.” She also mentions that “Trump was a unique user who sat above and beyond the rules of Twitter. His tweets weren’t deleted, which is what happened with other world leaders,” (think Maduro of Venezuela or Bolsonaro of Brazil). She concludes that Trump and Twitter had a symbiotic if not parasitic relationship, and that Twitter bears the responsibility for Trump’s incitement to violence was posted and amplified. “I believe that January 6th was planned, orchestrated, and carried out on the Twitter platform within and right in front of our eyes using plain language and hashtags. And Twitter, in my eyes, bears the responsibility for hosting and promoting incitement to violence that led to the loss of life on January 6th.”

What does this mean for the future of Twitter? Here are a few of my thoughts:

• Content moderation will continue to be hard, especially at the intersection of on and offline activities.
• The legal environment is in a state of flux, with new cases before the Supreme Court as I wrote about last fall on Avast’s blog.
• The social media landscape is complex and the interactions among the players are not well documented. Users of one network who are banned move quickly to others where they can ply their hate and incite violence. Coordination across platforms doesn’t exist.
• There is little operational transparency of the social network operators. The Jan. 6 committee staffers got a lot of information as part of their work, some of which can be seen by the public, but most of it hasn’t yet been published. The Purple team draft raises lots of issues, and has numerous recommendations. Whether any will ever be implemented is anyone’s guess, but chances are slim that most won’t.

CBD is not what you think it is. I know many of us think that CBD has something to do with drugs, but another version of the abbreviation has to do with central bank digital currencies or CBDC to be more accurate. As the legal spectacle of  Sam Bankman-Fried of FTX unwinds in various courts, it might be time to focus our attention on CBDC and how the world’s banks are moving quickly into this legal type of cryptocurrency — call it bitcoin for banks if I want to be cute about it.

The idea is taking hold around the world. The Atlantic Council keeps track of these projects and to date 11 countries have active CBDC programs, mostly in the Caribbean plus Jamaica, Bahamas, and Nigeria. Yes, that Nigerian prince wants your bitcoins! How ironic can that be? Another 17 countries are engaged in pilot projects, most notably in China (which intends to expand its pilot from 230M people to cover the remainder of its population in 2023) and other parts of Asia along with several in the Middle East, including Saudi Arabia, UAE and Iran. And Australia, Thailand, Brazil, India, South Korea and Russia intend to continue or begin pilot CBDC testing in 2023.

CDBC has a lot of different reasons for this growth spurt.

• First off, banks want to be a safer source of crypto. Certainly, a central bank moves slowly because they have to. But there is a lot of appeal and they want to be involved.
• They also want to promote financial inclusion by providing easy and safer access to money for their unbanked and underbanked populations. Governments and central banks realized they needed a faster way to get money in people’s hands.
• They can introduce competition and resilience in the domestic payments market, which might need incentives to provide cheaper and better access to money. This is not a new idea: net-based payments have been around since the 1990s. But the central banks could help make payments more efficient and also lower transaction costs.
• CBDC also can help create a new category of programmable money, through smart contracts and other new payment automation methods.
• The banks see an opportunity to improve transparency in money flows and make these flows more seamless.
• The open source community has responded. MIT is spearheading an “Open CBDC” effort that has the US Fed’s interest.
• Finally, the banks need to have better ways to transfer funds internationally. A cross-country CBDC system could be the solution, avoiding any need for the SWIFT system. The Ukraine war has also motivated banks to get on board with better international tracking methods that a cryptocurrency could provide.

CBDC isn’t for every country: there have been two cancelled projects so far — in Senegal and Ecuador — but that is to be expected.

“A CBDC could be an opportunity for a ground-up redesign of our legacy payment systems, offering a chance to reimagine market roles and incentives and to solve foundational problems in our financial system,” as the OpenCDBC project writes in their FAQ. The trick is navigating the numerous challenges around protecting user and payment data, understanding the resulting impacts to financial stability, and to properly leverage the current innovation in the private crypto sector. Certainly, that is a lot to consider.