April 26, 2015

While the World Burns, the Washington and Media Elite Party Through the Night

In Nepal, thousands lay dead and dying in a horrendous earthquake and its aftermath. In Baltimore, righteous anger over the crushed spine and death of a young black man in police custody was triggering violence and arrests.

And last night while those events raged, the Washington political and media elite were hypocritically and drunkenly joking and partying in their formal finery, a mere 40 miles from Baltimore itself, at the White House Correspondents' dinner.

For CNN and its fearless leader Jeff Zucker, it wasn't even a close call as to how best to handle this confluence of simultaneous events.

They simply provided hours of wall-to-wall coverage of the partying elite, while reassuring everyone that they'd catch up with the deaths and arrests later, after their crucial coverage of boozing and backslapping at the big party was over and done.

Oh yes, and they suggested that if for some perverse reason you cared less about the 1% yukking it up than mass deaths and protest arrests, you could just go searching around online and maybe you could dig up something -- assuming you had a decent Internet connection and a means to access it, of course.

Well, to paraphrase "Major Kong" from "Dr. Strangelove" -- I've been to one world's fair, a picnic, and a rodeo -- and this is one of the most egregious examples of the "Nero fiddling while Rome burned" syndrome I can recall in my entire lifetime to date.

"Obscene" and "perverse" are the only "polite" terms I can think of to describe this situation. The invectives that more properly illustrate the depths of this depravity and what they tell us about income and social disparity here in the USA, are unfortunately not words suitable for family audiences.

The big party could have been turned into a big opportunity, of course. The "good old boys" jokes could have been set aside and the focus turned to earthquake relief and even (horrors!) serious discussion by the powerful individuals present. It appears that the number of persons killed in the Nepal quake is similar to the numbers killed in the 9/11 attacks. But apparently when victims are overwhelmingly not Americans, it just doesn't count.

We all deserve one hell of a big apology from the political and media snobs who are responsible for this sickening display of hypocrisy and elitism run wild.

But don't hold your breath for that apology. 'Cause they got the big bucks and the big power -- and we don't.

We ordinary people one and all must say polite goodnights to our masters, for when you're hot you're hot. And when you're not -- you're not.

And we're most definitely not.

--Lauren--

Posted by Lauren at 11:06 AM | Permalink


April 22, 2015

When Google Leaves Users Behind

I was just now reading over the publicity materials related to Google's newly announced (but long rumored) "Project Fi" wireless plan/experiment today, and found myself pondering a question. To wit: If I had the currently required Nexus 6 smartphone, would I be applying to be included in this new mobile offering?

And I realized the answer was no. Not so much because my current phone and plan are completely adequate to my needs, but rather for a couple of more depressing reasons.

One of these is the painful realization that I wouldn't necessarily have confidence that Google won't be abandoning this effort in relatively short order, triggering possible hassles at the egress end of the offer. Perhaps Project Fi signals the birth of a wonderful, consumer friendly, disruptive change to mobile that is long overdue. Or, Google might decide in a year or two just to pull the plug on it with short notice -- there are certainly well remembered precedents for the latter outcome from Google.

Another reason for my own current lack of enthusiasm for Project Fi is my personal embarrassment (I've consulted to Google) at the shabby way Google has treated -- and continues to treat -- many of their existing Android users.

I'm an enormous fan of Android, and totally committed to the Android ecosystem. But for the life of me I can't find valid justifications for Google's abandonment of literally vast numbers of Android users currently using older devices. Not everyone can afford to treat smartphones and tablets as easily disposable, especially when they seem to be functioning perfectly well from the users' perspective.

Yet so many of these users are actually vulnerable to serious security flaws because Google refuses to patch the versions of Android still being run by large numbers of persons.

Google has a range of explanations/excuses for this. Technical difficulty with backports. Uncooperative carriers. Concentrating efforts on the latest and greatest (more on that in a moment).

It's notable how quickly Google abandoned users even of their own flagship phones like the Galaxy Nexus when purchased directly from Google, where carrier cooperation wasn't even an issue (Google's excuse in this case was lack of driver support from a chip vendor, but somehow third-party hackers found a way around that problem.)

Given, no phone or other device lasts forever. Yet Google has (to my knowledge) not even directly, proactively informed users of these older devices about the security issues associated with these units, nor informed them regarding the useful workarounds that actually do exist in many of these cases. Is it better for users to proceed using their devices in blitheful ignorance of these issues? I don't think so, anyway.

Again, I'm not suggesting that Google be required to update these older units forever. But why isn't there at least an official, well known Google page that directly and specifically explains the security status of these devices and the aforementioned workaround procedures? Why must users depend on (not always trustworthy) outside articles (or blogs!) to learn about these matters? Google should take ownership of these important issues, rather than depending on others to dribble out such crucial information.

Google's seemingly endless juggernaut of great products belies problems that are not by any means unique to Google, but can ensnare large firms of any stripe, especially if they're engineering oriented.

It's all too easy to focus on the latest and greatest, while too quickly de-emphasizing serious consideration and maintenance of older products used by fewer users. Yet at the scale of many such firms, even relatively small percentages of users can represent very large numbers of actual human beings, many of whom are particularly in need of continuing attention, by virtue of their inability to buy into those wondrous new devices at the rate common for the early adopters.

And let's face it, engineering-oriented firms are often structured in a manner where career advancement is largely predicated on working on the bleeding edge of development -- there's little incentive for employees to seek roles maintaining older systems, backporting security patches, or refactoring code.

But these are all crucial roles, for the ways in which a firm supports all users, including those not in the new products adoption forefront, directly impact public perception of a firm's newer offerings, and how that firm's treatment of users overall will be judged.

Something to think about perhaps, the next time you hear of a possibly great new product being announced. For one of the ways through which we can most clearly anticipate the future -- even our technological futures -- is to understand how we've been treated in the past.

Be seeing you -- in the future.

--Lauren--

Posted by Lauren at 02:19 PM | Permalink


April 10, 2015

Why YouTube Issues Are So Very Important

I view YouTube issues as a kind of proxy for the kinds of issues the broader Net increasingly faces in the technical, policy, and political arenas. Full disclosure: YouTube is certainly one of my top favorite sites on the Net. So I have a vested interest in trying to help it stay healthy and prosperous.

Given that YT is currently ranked the second most popular site on the Web (after Google itself -- so Google effectively holds both the #1 and #2 slots) its particular mix of services presents some fascinating challenges.

Many of these are obvious at least in their outlines. Massive amounts of storage space for all that video. Tremendous amounts of bandwidth necessary to distribute the video. The complicated nature of YouTube's interactions with ISPs, the intricacies of content delivery networks, and so on. And it's impossible to consider peering disputes, ISP bandwidth caps, and an array of other fundamental Internet concerns without considering their interplay with and implications for YouTube.

To be sure, many of these matters also apply to any other large-scale video oriented Net services, such as Netflix.

But where YouTube in particular diverges from Netflix is in YT's deep commitment to user uploaded videos, and it's that aspect that brings into play perhaps the most complex, and certainly the most controversial issues.

Virtually every day, my inbox receives queries related to YouTube. The lion's share of these are from persons who feel that YT has wronged them in some way. Perhaps they're concerned about a video of them that someone else posted. Or a video they posted that was tagged, demonetized, and/or removed via a Content ID hit or copyright strike -- or that their account was forcibly closed entirely.

Sometimes their concerns are valid, more often they're not. I know one classical music pianist who has been through the YT wringer with many repeated false positive YT problems related to his self-played works (classical music, and public domain materials in general, present rather fascinating technical challenges to abuse detection, especially at Google/YT scale).

But while it's easy to throw around the hyperbole about the DMCA's "guilty until proven innocent" model (which, obviously, Google/YT must abide by -- keeping in mind that the DMCA in key respects has made YT possible at all), and the definitely improving but still somewhat opaque nature of the YT appeals process, the reality is that systematic, intentional abuse of YT by bad players is very real.

How bad is it? Just for jollies, toss this URL into your browser when you have a few minutes to spare.

This will display the uploads with "full movie" in their title over the last hour. Skip the ads at the top and explore the organic listings. I'll bet you find that every single one is a "come on" spam -- the movie isn't actually there at all, they're rather trying to get you to click through to another site (the specific ways they do this will vary -- don't even get me started about the obnoxious and notorious girl in red).

Most of these spam videos seem to be from a relatively small set of uploaders, despite the vast number of throwaway accounts they're creating. Interestingly, they appear to target not only current release films, but often old classics as well.

An hour doesn't seem like too long for these to be around, but many persist for weeks and much longer -- and many of those add insult to injury by monetizing the spam video with ads! That's right, the spam uploader crooks are attempting to steal money with content to which they have no rights at all.

This also applies to the content uploaders who aren't spamming, but "merely" monetizing other parties' content, like many years' worth of classic television programs. Keep in mind that these aren't people making available long lost programs based on some radical "all information should be free!" philosophy. Since they're monetizing these uploads they're just simple crooks, trying to make money off someone else's work. This really disturbs me. It's the kind of abuse that is damaging to the broader YouTube and Internet video ecosystem in very significant ways, and provides ammunition to forces who push for draconian legislation that would make the DMCA look like a walk in the park by comparison.

Google works diligently to kill this crud, but at scale -- especially considering the desire to minimize false positives as much as possible -- it's a real game of Whac-A-Mole. The evasion techniques in use are certainly imaginative: Static inset box videos, moving inset boxes, mirror images, translucent backgrounds, and much more. Not only are these crooks stealing content, they're presenting it in horrendously substandard ways as well.

I think it's important that YT users at large understand that this sort of monetized abuse is not at all benign, and makes everything harder for Google/YT and honest users of the ecosystem. I always urge users to report these spams and monetized ripoffs when they find them. (Sidenote: Many users don't realize they can report them. The reporting link is currently hidden under the YT player UI "More" link. While one doesn't want to encourage frivolous reporting, making the reporting/flagging function more visible in the interface strikes me as a proposition worth considering).

And perhaps most importantly of all, we have the entire array of free speech, government censorship, and related issues that focus on the ability of ordinary users to upload materials that might reveal horrific police abuse -- or attempt to ruin an innocent person's reputation. And everything in-between. We have governments attempting to take down (or block) videos that they consider sacrilegious or simply politically inconvenient. The complex dilemmas related to Terms of Service and appropriate content rules -- issues of adult materials, horrific materials, hate speech, viewers who are children, religious intolerance, racism, on and on. How to set these standards, how to evaluate them, the gray areas, evaluations, and the emotional realities and emotional costs of balancing such complicated concerns and interests -- I won't even try to scratch the surface of those issues right now.

So again and again, we see that YouTube issues are a representation of the broader issues facing not only the Internet, but the entire global community as well.

That makes them important. Seriously important.

--Lauren--

Posted by Lauren at 10:34 AM | Permalink


March 28, 2015

For the Anti-Gay Indiana GOP, the Web Is a Harsh Mistress

It was with obvious glee two days ago that GOP Governor Mike Pence signed Indiana's new "Religious Freedom Restoration Act" -- in reality a law created to gladden the political voting hearts of closeted and outed racists, not to mention other right-wing lowlifes throughout the Hoosier State.

While written so broadly that it conveniently could be used to discriminate against any "minority" religious group, the true purpose of the legislation was never in question -- it was designed to provide a mechanism for treating LGBT persons as second-class citizens -- for example, to be denied entry to establishments at the whim of prejudiced prune heads.

Pence and his GOP minions apparently figured they had a real winner with the RFRA -- "Hell, our base racist voters will flock to us in droves," they must have thought.

But it's a funny thing about politicians these days. They usually like to make a lot of noise about being "Internet-savvy" -- but in reality their understanding of the Web and the two-edged sword of social media can be unimpressive in the extreme.

So seemingly just a few heartbeats after the RFRA was signed into law, we have the sickly amusing spectacle of its supporters expressing surprise that pretty much the entire world -- including major tech firms, sports leagues, and the vast power of social media -- has turned against them, with enormously expensive boycotts of Indiana rapidly being announced, and vastly more under consideration.

While the law's supporters hem and haw claiming that discrimination was not the purpose of the legislation, everyone knows that's a lie -- legalizing discrimination was precisely the reason for the law's enactment. Nor will Indiana politicians' protests that other states have seemingly similar laws on the books make a difference -- if anything those states may now come to regret the fuse that the Indiana GOP lit under this issue.

For as much as many politicians don't really understand the Internet at all, there's one thing they all certainly understand -- money. And the financial loss that can be foreseen from announced and future boycotts related to this issue could be staggering -- something to chill the hearts of politicians everywhere.

Particularly fascinating is the sense that Indiana's governor and cohorts in the abomination of RFRA appear to be genuinely surprised by the massive and rapid backlash.

Perhaps this is the result of spending so much time in racially and religiously intolerant "echo chambers" of Indiana state government.

But it's also likely to be an artifact of their inability to understand the power of the Web -- and of social media in particular -- to mobilize concerned persons around the country and the globe in ways that were unimaginable even a relatively few years ago.

Well, they're learning that lesson now.

Welcome to the 21st century, boys. We still may be waiting for those flying cars, but we've already got the Internet -- and the Net is far more powerful than a fleet of flying Ferraris.

You can take that to the bank -- whatever you have left after the boycotts, that is.

--Lauren--

Posted by Lauren at 12:43 PM | Permalink


March 16, 2015

As We Age, Smartphones Don't Make Us Stupid -- They're Our Saviors

Throughout human history, pretty much every development or invention that increased our information storage and management capabilities has had its loud and voracious naysayers.

Around 370 BCE, both Socrates and Plato were already badmouthing the written word as inherently inferior to in-person verbal dialogue. The printing press, typewriter, telegraph, telephone, and Internet have all been targeted as the presumed bringers of universal intellectual decay.

So it comes as no surprise that when Web search engines appeared on the scene -- to organize Internet-based information and make it widely available -- much the same tired old attack arguments were trotted out by the usual suspects, in the form of multitudinous "Google Is Making Us Stupid!" articles and similar varieties of vacuous commentaries.

The crux of most arguments against having quick access to information seems to largely parallel the attempts not that many years ago (and in some venues, still continuing) to routinely ban calculators from physics and other similar subject tests, on the grounds that not doing the math by hand was somehow -- perhaps in a moral judgment "You'll go to hell!" kind of sense -- horribly cheating.

But unless the test you're taking is specifically one for mathematical skills, the rote manual calculation process is practically worthless compared with developing the necessary skills to actually analyze a problem and determine appropriate methodologies for reaching correct answers. Even a specific answer itself may often be far less relevant in many contexts than development and analysis of appropriate problem solving processes.

One wonders how many potentially brilliant would-be physicists with wonderful analytic skills were sidelined into other professions simply due to not having a knack for manual math.

With the rise of the mobile Net comes the latest incarnation of this twisted saga, the "Are smartphones making us stupid?" meme. There seems to be a new version of this one somewhere pretty much every few days.

In a very real way the term "smartphone" in this context is being used by detractors largely as a proxy for saying "Portable Google" -- as a wireless retread of search engine criticisms.

However, in this case the critics are even farther off the mark than usual, because smartphones not only don't reduce our intelligence, they can be our saviors as we age.

Physiological studies show that our memory for much specific data usually begins to decline at the ripe old age of -- 20. Yeah, pretty depressing. But in contrast, our reasoning and analytic skills can in many cases continue developing throughout our lives without limit, as we integrate ever more experiences into the mix.

And here is where the smartphone (along with the vast information ecosystem that supports it) really becomes something of a technological miracle.

For there on your belt or in your purse is a little box that can act as an almost limitless adjunct to your own memory, to your own brain.

Type on it, talk to it. Ask it questions, note its reminders. Smartphones can provide us with very much the exact kind of information that our brains gradually become less adept at recalling past age 20 or so.

To argue that it's somehow wrong, somehow cheating or unethical or unnatural, to use these devices and their supporting infrastructures in this way, is itself as dumb and stupid as forcing a potentially brilliant future physicist to drop out of school because you wouldn't let them use a calculator.

Obviously, for smartphones to be most useful at all ages, issues of accessibility become paramount -- matters for ground-up consideration, not after-the-fact excuses. Input and output methodologies, font sizes and contrast, all become especially important, since our vision typically begins to decline at the same young age as our memory. These are all relatively straightforward user interface design issues though, given the will to deal with them appropriately.

It would probably be a pretty tough slog to get Plato comfortable with smartphones. On the other hand, he's quoted as saying: "We can easily forgive a child who is afraid of the dark; the real tragedy of life is when men are afraid of the light." And especially when it comes to smartphones and the immense value they can bring to us throughout our lives, only a fool would argue with Plato about that.

--Lauren--

Posted by Lauren at 03:25 PM | Permalink


March 13, 2015

Google Search Results and The Truth

My inbox these days tends to be something of a barometer of Internet hopes and fears, as comments and queries flow in from around the world on a range of topics.

I keep my own informal tally of my inbox trends, and while the results are usually fairly predictable based on what's in the news at the moment, sometimes there are notable surprises.

So you might expect -- and be correct -- that lately there's been a flood of email about the FCC's Net Neutrality decision -- mostly from confused folks who have bought the false propaganda of a "Big Brother" takeover of the Internet. However, no matter how essentially ridiculous their concerns, my policy is that if they're polite to me I always try to respond and explain realities as I see them.

But while the net neutrality brouhaha was predictable, my latest inbox trend is much more bizarre -- people in a panic that Google search results might be -- wait for it ... -- too truthful!

In particular, an array of (apparently mostly but not exclusively right wing) commentators have gone ballistic at the rumored prospect that Google might begin prioritizing -- that is, ranking more highly -- search results that are objectively correct and truthful.

Facts being emphasized over falsehoods -- oh the horror of it all!

These nutty complaints can seemingly be traced back to a recent Google research paper that discussed the technical issues surrounding the estimation of "trust" in Web-based sources, and how that kind of data could be usefully employed. The paper did not announce -- and Google has not announced -- any plans to actually implement the techniques described in that paper. Google may not ever use them.

But I'd be very happy indeed if Google did start giving truth a specific ranking boost in that manner or through some other similar procedure.

There's a twisted notion among the Google haters in particular that search results should somehow be "neutral" -- advocates frequently attempt to make loony and completely false comparisons with net neutrality.

But "neutral" Google search results -- or from any competing search service -- would be effectively worthless for the vast majority of searches, effectively turning search into a telephone white pages directory of unprioritized gobbledygook. The point of search is to return the most useful, relevant results -- and that normally should give a very heavy emphasis to truthful ones.

There's a saying that everyone has a right to their own opinions, but not their own facts. And there are significant areas where opinion reigns and objective truth cannot be reasonably ascertained to a level that would be suitable for ranking boosts. Various religious philosophies are an obvious area where truth-ranking would likely be impossible -- though that doesn't necessarily mean that widely accepted historical facts regarding the impact of religions wouldn't be subject to various degrees of validation. That said, I'd probably avoid the whole area of religion in the truth ranking context.

Let's take an example like where President Obama was born. If you throw that query into Google, you'll actually get a top "fact box" that correctly notes Honolulu. Indeed, Google already usefully provides various sorts of knowledge boxes that show immediate, direct answers to common questions.

But the top organic search result currently is a page of Obama birth conspiracy theories from Wikipedia, and more to the point the third result is a page claiming Obama admitted to being born in Kenya.

How does a total wacko result rank so highly? Most likely because the site in question has a lot of inbound links (presumably from other wacko sites), which gives that result significant rank. If that ranking included a truth factor as a signal, it would likely be pushed much further down in the results -- where it rightfully belongs.

Now, one might argue that this really isn't such a big deal. After all, anyone with half a brain knows that Obama was born in the USA, and that the moon landings weren't faked, and that integrated circuits aren't powered by fairies on teeny-tiny treadmills.

But there are other areas where high ranking of utterly false and misleading information can do serious harm.

Anti-vaccine nuts continue to claim a connection between autism and vaccinations, long after the study they usually cite was utterly discredited. Global warming deniers spout all manner of fabricated false evidence and imaginary statistics. The list of crackpot claims that can do real damage to real people seems almost endless.

And while I would definitely not advocate muzzling these views -- I'm a free speech guy, after all -- I do not see any reason why their harmful and often hateful fantasies should rank highly along with objectively correct facts.

You can see the same problem on cable news. There can be 10K experts who agree that a vaccine is safe, but CNN or FOX News will seek out a buffoon who doesn't believe this, and give them equal ranking in a "debate" on air.

One might as well debate whether the Earth is actually flat as in medieval imagery. Probably coming soon to a cable news channel near you!

Folks terrified of truth in search rankings argue that Google shouldn't be the arbiter of what's correct or false.

But the reality is that Google wouldn't be making those decisions. Google would merely be reflecting objective facts that are overwhelmingly accepted as truth, rather than giving nonsense similar rankings merely by virtue of that silliness being widely publicized -- publicity does not equal truth.

So as far as I'm concerned, I'd love to see a Google Truth Mode in search results as the default. Hell, provide an option users could trigger to turn off Truth Mode if they wanted -- that could be very amusing for comparison. If some people want to live in their own fantasy mode that would still be their choice.

But I for one would prefer those fantasies not to be diluting truth when I do a search.

And that's a fact.

--Lauren--

Posted by Lauren at 11:09 AM | Permalink


Announcing "Troll Patrol" -- and Why Social Media Comments Are Crucial

We see them all the time now, proclamations related to articles or social media postings that say: "Don't read the comments!"

The fact that this has become a meme unto itself is both depressing and rather frightening, because comments on social media postings and Internet articles are not only crucial to the value of these materials, but also to free speech itself in a much broader context. And the very crux of "don't read the comments" really suggests that the trolls -- the idiots, the haters -- are winning, big time. I personally refuse to accept this without a fight. Communication and free speech are too important to be surrendered on any basis, particularly at the slimy hands of the trolls.

Posting and thread moderation is key to keeping social media and other commenting ecosystems viable. My view is that social media moderation at scale must depend first on automated filters and systems as the first pass -- ideally with sufficient controls and tools so that users can appropriately signal and train in the face of inevitable false positives and false negatives. This also suggests the need for ways to surface quarantined comments for moderator inspection and decision without exposing them to the entire readership in the process.

Beyond this, the tools available for moderators for their manual moderation tasks are crucial, with pre-moderation queues important as one available option, and ideally ways to "anoint" some commenters as pre-approved, ways to delegate moderation tasks in flexible ways, and so on.

I very recently created the Google+ community "Troll Patrol" for serious discussions of these and related issues, specifically to discuss topics surrounding social media abuse; comments; comment moderation techniques and tools; associated operational, policy and technical topics; free speech aspects, etc.

Everyone is welcome, unless you're a troll, of course.

My goal for Troll Patrol is to stay focused on practical processes and solutions that are workable at very large scales. I'd like to avoid diversions into the political motivations of particular comment abusers or discussion of politics in general, except to the extent that political realities might affect the practicality of any given approaches to solving the problems in focus.

It's a very big topic area and I'm under no illusions of easy fixes, but I hope we can together move the ball at least a bit forward in a positive way!

Hope to be seeing you there! Thanks all.

--Lauren--

Posted by Lauren at 08:42 AM | Permalink


March 12, 2015

Google Blows Trust Again: Kills "Google Code" Service

UPDATE (March 14, 2015): Google now states that rather than deleting unmigrated projects after December 2016 as implied in their original posting, they will instead be preserving those projects in a repository on googlesource. Apparently this was the plan all along. Why didn't they explain this originally? I dunno, but perhaps it was to encourage users to migrate on their own. If they'd been straightforward about this in the first place, it would have saved me an inbox full of concerned queries and an entire blog posting. Still, all's well that ends well.


Google seems to be on a roll lately when it comes to pulling the rug out from under users. Recently there was their sudden announcement of banning explicit materials from Blogger (quickly and wisely reversed -- for which I've thanked them in the name of free speech and courtesy to users).

Now comes word of another change which -- while on a somewhat longer fuse -- may ultimately do far more damage.

You may not have heard of Google Code (GC), but over the years it has become a key repository for important open source and other software projects, documentation, and other materials.

While Google Code has clearly been eclipsed by sites such as GitHub in recent years, the fact remains that for a vast number of technical software searches the only existing references link to materials stored only on Google Code.

Google announced on their Open Source Blog today that they are not permitting new projects on GC as of ... today!

The site goes read-only this summer, and early in January goes to "tarball-only" (bulk download) read-only status until the end of 2016. Then ... it all vanishes. Poof!

The end of 2016 may seem like some time away, but in terms of the Internet and software code resources it's just a blink of the eye.

Google complains of high levels of abuse on Google Code. One might argue that lack of sufficient support resources provided to GC for years is at the root of that issue, but let that pass for now.

Google also asserts that since they are providing tools and assistance for moving projects from GC to GitHub, that this all shouldn't be a big problem at all.

Wrong. It is a big problem, and here's why.

First, much of the code on GC is from older projects -- still critical for reference purposes -- but there's nobody actively maintaining their GC project archives. Administrative email addresses have changed, the archives have long been stable, and so on.

There literally won't be anyone to migrate enormous numbers of those archives to other sites, or even receive notices regarding their upcoming demise.

Yet for vast numbers of GC projects there are also enormous numbers of links that point deeply into those GC repositories. The first clue users will have when they search for those un-migrated projects a couple of years from now -- perhaps in a critical situation -- will be "404 -- That's all we know!" -- thanks a bunch.

Vanishing code. Vanishing documentation. You get the picture. Just dandy.

Worst of all, there are obvious ways that Google could have avoided this disappearing act.

The simplest would be to take the site read-only with appropriate notification banners and explanations, and keep it available indefinitely as an important archive -- not just for less than two years. I'm sure Google could spare the disk space.

Or, as the site shutdown date approached, Google could themselves migrate the currently un-migrated projects to GitHub. Would GitHub object to this if consulted appropriately beforehand? I doubt it.

And for all migrations, Google could offer link forwarding so that the GC link references are not lost.

There are also other possible approaches, virtually all of them superior to the path that Google has chosen in this case.

Yes, there would be ongoing administrative efforts and costs necessary for all except the "After December 2016 you're just out of luck, kid!" approach.

But Google isn't some fly-by-night operation. They have the knowledge, skills, and resources to deal with this situation in a much more user-friendly, trust-positive manner, helping to maintain Internet resources, rather than deleting them for convenience's sake.

It's knowing that Google knows how to do these things right, that makes decisions like this one regarding Google Code so inexplicable and so very disappointing.

UPDATE (11:14 AM): Google tells me that they will put in place for some unspecified period of time a link redirection service for moved projects. That's very useful and appreciated. But of course that does nothing for projects that haven't been moved. Google should migrate the projects themselves that have not been migrated by the deadline.

--Lauren--

Posted by Lauren at 10:12 AM | Permalink


March 06, 2015

India Censors a Rape Documentary, and the Streisand Effect Goes Nuclear

We get a lot of laughs out of the so-called "Streisand Effect" -- the phenomenon of someone trying to cover up or otherwise limit public knowledge of some already public aspect of their life, and in the process drawing far more attention to the situation than would have been the case if they'd just kept quiet in the first place. When we're talking about a wealthy celebrity trying to suppress photos of their Malibu mansion -- that's what the Streisand Effect is named for, by the way -- at least a few chuckles seem entirely understandable.

But when governments unwittingly invoke the Streisand Effect via shortsighted, misguided, hamfisted attempts at censorship of important issues, it's difficult to find any humor on the stage.

So we now have the sorry spectacle of the government of India -- at least in theory the world's largest democracy -- petulantly and disastrously attempting to suppress the viewing of a BBC documentary exposing a nightmarish culture of rape within India itself.

That the situation has many complexities and subtleties is without question. A confluence of historical, cultural, religious, caste, and political forces are in play.

And while it's certainly true that problems with rape are not by any means restricted to India, the unique character of the problem there, including the bizarre twist of many government officials who apparently themselves have had accusations lodged against them involving abuse of women, creates a particularly convoluted tapestry.

Into this sordid mix comes the new BBC documentary "India's Daughter" -- exploring in painfully but necessarily straightforward detail many key aspects and circumstances of this problem.

The Indian government had three choices in the face of this incredibly important film.

They could have ignored it. They could have embraced it as an element toward helping to solve their endemic problems with the abuse of women.

Then there's the choice they actually made -- the worst possible of them all.

The Indian government's choice was to attack the film, to attack the BBC, to attack the filmmaker -- then they acted as quickly as they could (but ineffectually, as we'll see) to try to prevent their own citizens from seeing the documentary itself.

The actual visibility of the film in different parts of the world is tricky to catalog since it's a moving target, but one thing is pretty clear -- anyone who really wants to see it can find a way to do so.

The original broadcast version was on BBC-controlled outlets, and the BBC has followed its usual practice of asserting ownership rights to (try to) remove unauthorized copies from the Net (e.g., from YouTube).

But the proliferation of copies -- both on YouTube and on other easily accessible Net venues -- has made that effort of limited success at best.

Of course since BBC does indeed control those rights, it's within their purview to exercise them.

The behavior of the government of India regarding this film falls into an entirely different category, however.

Variously asserting "risks to public order" and "damage to tourism" -- among other arguments -- the Indian government not only filed blocking demands with Google's YouTube -- with which Google has been complying as per local laws through geographical blocks -- but has also proclaimed the film a "defamation" of India. They've even proclaimed, seemingly taking a page from the EU's twisted sensibilities regarding "Right To Be Forgotten" censorship, that they'd like to find a way to ban the film globally.

Not a chance, India. Ain't gonna happen.

You know where this story is going. The censorship demands of India have vastly increased global awareness of "India's Daughter" and shot viewership globally (and in India) through the roof, for the multiplicity of copies and the relative ease of evading geo-blocks through a variety of technical means have made a laughingstock of the Indian government's reaction.

The real tragedy though isn't what this means for inept Indian government officials, but rather for the vast majority of people in India who are decent, hardworking, and even more horrified about the abuse of women in their country than are outside observers.

I've heard from a lot of them directly from India over the last couple of days.

Many heap criticism on their government, fearing that the government's behavior may be viewed in some quarters as an attempt to "cover up" or somehow justify abuse of women, and so reflect terribly on views of India globally.

Most note that they have been able to see the film despite the government's efforts to block it, and some are literally praying that the end result will be positive for India and particularly for women, despite their government's atrocious behavior.

Unfortunately and unsurprisingly, there are the vulgar trolls as well. I've been dealing with them on my Google+ threads on this topic -- I keep the "banhammer" on my belt right next to my phone, and the trapdoor lever is always close at hand -- and as usual these vermin have made their presence known on YouTube video comments as well.

You never want to feed the trolls, and you can't let yourself be distracted by them either.

Despite the immediate debacle of the Indian government's behavior regarding "India's Daughter" and their attempts to suppress it, the power of the Internet and yes, the Streisand Effect, will inevitably win the day in the end.

And regardless of angry machinations by Indian politicians against the best interests of their own citizens, the Internet sunlight pouring in to illuminate the specter of rape and other abuse of women in India is in the end unstoppable.

Not just in India, but around the entire globe, no matter how politicians pontificate and harass, ultimately the sands of censorship will still slip through their fingers.

This has tended to be historically true in the long run even before the time of the Internet, even before the coming of electronic communications in any form.

In the Internet age, it's even more of a truth that governments and leaders can attempt to ignore only unsuccessfully, and only with the most extreme of peril.

--Lauren--

Posted by Lauren at 11:15 AM | Permalink


February 27, 2015

Google's Gutsy Reversal: Explicit Content Blogger Ban Rescinded

Just a few days ago, in "With Sudden Blogger Change, Google Drags Their Trust Problem Back into the Spotlight," I expressed strong concerns over Google's decision to both retroactively and proactively ban most "explicit content" from their Blogger platform, with only a month's warning and no real explanation offered at the time for such a dramatic policy change.

The next time someone tries to tell you that Google doesn't listen to user and other public concerns, you can prove that person wrong by pointing them at this story, because Google has now announced that they are completely rescinding that new policy.

It takes some serious fortitude to publicly admit when you've made a policy mistake. What's more, Google has taken the gutsy approach and has reversed the previous decision entirely. It would have been far easier -- given the real pressures that exist around explicit content -- to have left the new policy in place with an explanation and significantly extended deadlines.

But Google has instead chosen to reaffirm the freedom of expression foundation of Blogger that has helped make it so popular and useful for many years.

In so doing, they have made the correct decision for Google, for users, and for the principles of free speech and free expression that are currently under so much political and other duress.

Thanks Google.

--Lauren--

Posted by Lauren at 12:51 PM | Permalink


February 24, 2015

With Sudden Blogger Change, Google Drags Their Trust Problem Back into the Spotlight

Blog Update (February 27, 2015): Google's Gutsy Reversal: Explicit Content Blogger Ban Rescinded



I'm not a big fan of porn. I'd be lying if I claimed to never glance at it -- hell, I'm a human male, no excuses about that -- but explicit materials tend not to be anywhere near the top of my personal Web browsing catalog.

It's undeniable though that due to its highly controversial and widely variable definition, restrictions on "explicit" imagery in particular have long been at the forefront of freedom of speech issues and concerns, even among individual free speech advocates who may personally detest such content.

The reason is pretty obvious -- how governments and corporations handle these "edge" materials (that may often be viewed as "low hanging fruit") can be harbingers of how they will deal with other sensitive and controversial matters that fall into free speech realms, including access to historical information already published (the target of the EU's nightmarish "Right To Be Forgotten"), political information and criticisms, and ... well, it's a long list.

Abrupt changes in such policies -- particularly when announced without explanations -- tend to be particularly eyebrow-raising and of special concern.

So it is with considerable puzzlement and consternation that I yesterday saw Google's quite surprising announcement that they were banning most explicit imagery from their very popular and long-standing Blogger platform, and indeed with only 30 days notice and without any explanation whatsoever for this dramatic reversal in policy.

There are some limited and rather nebulous exceptions ("educational value" and the like -- sure to be the subject of heated disagreement), and users can download their existing sites to try to move elsewhere, but the overall sense of the change is clear enough. Google is trying to kick such sites -- many of them essentially personal, alternative lifestyle, non-commercial public "diaries" of long-standing and with vast numbers of incoming links built up over many years -- out the Google door as rapidly as possible.

And let there be no mistake about it -- this is a sudden, dramatic, and virtually 180 degree change. Blogger has long explicitly celebrated freedom of expression, with "adult content" sites including an access warning splash page so nobody would be exposed to such materials accidentally.

That Google is within its rights to change this policy in the manner they have announced is totally true and utterly unassailable.

But the manner of their doing this drags back into focus longstanding concerns about how Google treats its users in particular contexts, particularly those users who might be considered to fall outside of "mainstream" society in any number of ways.

Google has indeed made some very significant positive strides in this area. Account recovery systems have been improved so that innocent (but sometimes forgetful) users are less likely to be locked out of their accounts and associated Google services. Google Takeout permits users to download their data from a wide variety of Google services to save locally or store elsewhere -- if they do this before the associated Google account is closed. (However, the "whose data is this anyway?" question still looms large in cases of forcible account closures due to various kinds of Terms of Service violations, when users may not be able to further access their data, even to download it -- this is a very complex topic.)

Though this seems not to be widely realized, Google+ no longer enforces "real name" requirements on users (only some completely rational Terms of Service restrictions to avoid serious abuses), and is now profile-friendly to users' own sexual orientations in a manner that really should be emulated by firms across the Web.

But the old trust fears, some of them trumped up propaganda from Google adversaries, others having at least some basis in fact -- about Google making sudden, seemingly inexplicable changes in terms and policies, altering or even rapidly deprecating services on which significant non-majority user communities depend -- are being reenergized seemingly as a sort of unforced error on Google's part.

And such errors can do real damage, both to users and Google. For most of the public does not view Google as a set of disparate and compartmentalized services, but rather as more of a unified whole, and perceived negative experiences with one aspect of the firm can easily drag down views of the firm overall, much to the delight of hardcore Google haters, by the way. This is why even if you don't care one iota about porn or other materials considered to be explicit, you should still be concerned about this Google policy change.

I care about Google's users and Google itself -- a firm that has accomplished amazing feats toward the betterment of the Internet and larger world over the course of a handful of years. I don't want to see those Google haters handed a gift package that can't help but assist their cause and attacks.

We could get into a lengthy discussion comparing the Blogger policies of long standing with those of YouTube, Google Ads, and the like, but while interesting, such analysis here and now would not be particularly relevant to the immediate situation at hand.

The bottom line is that a dramatic change of policy that negatively affects users who have been following the rules to date, is deserving of significant warning notice (not merely a month -- many of these sites have been operating for many years, some perhaps even since before Google's acquisition of Blogger in 2003). I would have recommended (absent some difficult to postulate legal urgency forcing a faster timeline) at least 90 days as an absolute minimum, ideally far longer.

That would be putting your users first, especially when deploying a policy change that will disrupt them greatly. And please, no excuses that "only a small percentage" of users would be affected. At Google scale even tiny percentages can represent a whole bunch of live human beings, and how you treat users who are easily marginalized can be representative of broader attitudes in very significant ways.

And notably, I would have offered a simultaneous clear and honest public explanation of why this total about-face on such a matter of direct free expression concerns had been deemed necessary or otherwise desirable. That's just common courtesy.

The world won't come to an end with this Blogger policy change by Google. There will still be virtually limitless sources for porn and other explicit imagery elsewhere, and most affected personal bloggers will find other platforms and over time perhaps rebuild their communities.

But the real story here isn't about sex or images or blogging at all. It's about how to treat people with respect, even when a particular group represents a small minority of total users, and even when they express controversial views via explicit materials. It could be argued that it's in these more contentious areas that treating users right is especially important.

Given the information I have at hand right now regarding this abrupt Blogger policy change and the circumstances surrounding it, I am very disappointed in the way Google has handled the overall situation.

I say this because I feel that Google is a great company -- and I not only believe that Google can do better with such matters -- I know that they can.

--Lauren--

Posted by Lauren at 09:44 AM | Permalink


February 22, 2015

Blaming the Internet for Terrorism: So Wrong and So Dangerous

You can almost physically hear the drumbeat getting louder. It's almost impossible to read a news site or watch cable news without seeing some political, religious, or "whomever we could get on the air just now" spokesperson bemoaning and/or expressing anger about free speech on the Internet.

Their claims are quite explicit. "Almost a hundred thousand social media messages sent by ISIL a day!" "Internet is the most powerful tool of extremists." On and on.

Now, most of these proponents of "controlling" free speech aren't dummies. They don't usually come right out and say they want censorship. In fact, they frequently claim to be big supporters of free speech on the Net -- they only want to shut down "extremist" speech, you see. And don't worry, they all seem to claim they're up to the task of defining which speech would be so classified as verboten. "Trust us," they plead with big puppy dog eyes.

But blaming the Net for terrorism -- which is the underlying story behind their arguments -- actually has all the logical and scientific rigor of blaming elemental uranium for atomic bombs.

Speaking of which, I'd personally be much more concerned about terrorist groups getting hold of loose fissile material than Facebook accounts. And I'm pretty curious about how that 100K a day social media messages stat is derived. Hell, if you multiply the number of social media messages I typically send per day times the number of ostensible followers I have, it would total in the millions -- every day. And you know what? That plus one dollar will buy you a cup of crummy coffee.

Proponents of controls on Internet speech are often pretty expert at conflating and confusing different aspects of speech, with a definite emphasis on expanding the already controversial meanings of "hate speech" and similar terms.

They also note -- accurately in this respect -- that social media firms aren't required to make publicly available all materials that are submitted to them. Yep, this is certainly true, and an important consideration. But what speech control advocates seem to conveniently downplay is that the major social media firms already have significant staffs devoted to removing materials from their sites that violate their associated Terms of Service related to hate speech and other content, and what's more this is an incredibly difficult and emotionally challenging task, calling on the Wisdom of Solomon as but one prerequisite.

The complexities in this area are many. The technology of the Net makes true elimination of any given material essentially impossible. Attempts to remove "terrorist-related" items from public view often draw more attention to them via the notorious "Streisand Effect" -- and/or push them into underground, so-called "darknets" where they are still available but harder to monitor towards public safety tracking of their activities.

"Out of sight, out of mind" might work for a cartoon ostrich with its head stuck into the ground, but it's a recipe for disaster in the real world of the Internet.

There are of course differences between "public" and "publicized." Sometimes it seems like cable news has become the paid publicity partner of ISIL and other terrorist groups, merrily spending hours promoting the latest videotaped missive from every wannabe terrorist criminal wearing a hood and standing in front of an ISIL flag fresh from their $50 inkjet printer.

But that sort of publicity in the name of ratings is very far indeed from attempting to control the dissemination of information on the Net, where information once disseminated can receive almost limitless signal boosts from every attempt made to remove it.

This is not to say that social media firms shouldn't enforce their own standards. But the subtext of information control proponents -- and their attempts to blame the Internet for terrorism -- is the implicit or explicit implication that ultimately governments will need to step in and enforce their own censorship regimes.

We're well down that path already in some ways, of course. Government-mandated ISP block lists replete with errors blocking innocent sites, yet still rapidly expanding beyond their sometimes relatively narrow original mandates.

And whether we're talking about massive, pervasive censorship systems like in China or Iran, or the immense censorship pressures applied in countries like Russia, or even the theoretically optional systems like in the U.K., the underlying mindsets are very much the same, and very much to the liking of political leaders who would censor the Internet not just on the basis of "stopping terrorism," but for their own political, financial, religious or other essentially power hungry reasons as well.

In this respect, it's almost as if terrorists were partnering with these political leaders, so convenient are the excuses for trying to crush free speech, to control that "damned Internet" -- provided to the latter by the former.

Which brings us to perhaps the ultimate irony in this spectacle, the sad truth that by trying to restrict information on the Internet in the name of limiting the dissemination of "terrorist" materials on the Net, even the honest advocates of this stance -- those devoid of ulterior motives for broader information control -- are actually advancing the cause of terrorism by drawing more attention to those very items they'd declare "forbidden," even while it will be technologically impossible to actually remove those materials from public view.

It's very much a lose-lose situation of the highest order, with potentially devastating consequences far beyond the realm of battling terrorists.

For if these proponents of Internet information control -- ultimately of Internet censorship -- are successful in their quest, they will have handed terrorists, totalitarian governments, and other evil forces a propaganda and operational prize more valuable to the cause of repression than all the ISIL social media postings and videos made to date or yet to be posted.

And then, dear friends, as the saying goes, the terrorists really would have won, after all.

Be seeing you.

--Lauren--

Posted by Lauren at 05:17 PM | Permalink


February 19, 2015

Google Glass vs. The USA's R&D Toilet

If you're a regular consumer of the computer industry trade press -- a strong stomach strongly recommended -- you've probably seen a bit of gloating lately about Google pulling their Google Glass device from most consumer marketing.

Mainstream media has picked up the drumbeat too, with even major publications like The New York Times very recently running stories purporting to explain why Google Glass has "failed" or how this is emblematic of Google's supposedly imminent fall.

Those stories sound pretty scary. They're also utterly wrong. And they're wrong in a way that exemplifies why so much of U.S. industry is in a terrible research and development (R&D) slump, and why Google should be congratulated for their "moonshots" -- not ridiculed.

Once upon a time -- not so long ago relatively -- there was a reasonable understanding in this country that long-term R&D was crucial to our technological, financial, and personal futures. That's long-term as in spending money on projects that might take a long time to pay off -- or might never pay off for the firms making the investments -- but that still might play crucial roles in our future going forward.

When we think about the foundation of modern R&D, it's typical for AT&T's Bell Telephone Laboratories (Bell Labs) to spring immediately to mind. Not the Bell Labs of today -- an emaciated skeleton of its former greatness -- but of the years before AT&T's 1984 Bell system break-up divestiture and shortly thereafter.

The list of developments that sprang forth from the Labs is mind-boggling. If Lucent Technologies did nothing else when they took over Bell Labs and hastened its decline, at least they produced in 2000 this great music video celebrating the Labs' innovations over the many decades. Mentally start subtracting out items from the list shown in that video and watch how our entire modern world would crumble away around us.

Yet -- and this is crucial -- most of those Bell Labs technologies that are so much a part of our lives today were anything but sure bets at the time they were being developed. Hell, who needs something better than trusty old vacuum tubes? What possible use is superconductivity? Why would anyone need flexible, easy to use computer operating systems?

It's only with the benefit of 20/20 hindsight that we can really appreciate the genius -- and critically the willingness to put sufficient R&D dollars behind such genius -- that allowed these technologies to flourish in the face of contemporaneous skepticism at the time.

Much of that kind of skepticism is driven by the twin prongs of people who basically don't understand technology deeply, and/or by investors who see any effort to be a waste if it isn't virtually guaranteed to bring in significant short-term profits.

But we see again and again what happens when technology companies fall prey to such short-term thinking. Magnificent firms like Digital Equipment Corporation (DEC) vanish with relative rapidity into the sunset to be largely forgotten. Household names like Kodak flicker and fade away into shadows. And as noted, even the great Bell Labs has become the "reality show" version of its former self.

Nor is it encouraging when we see other firms who have had robust R&D efforts now culling them in various ways, such as Microsoft's very recent closing of their Silicon Valley research arm.

It probably shouldn't be surprising that various researchers from Microsoft, Bell Labs, and DEC have ended up at ... you guessed it ... Google.

So it also shouldn't be surprising why it's difficult not to look askance at claims that Google is on the wrong path investing in autonomous cars, or artificial intelligence, or balloon-based Internet access -- or Google Glass.

Because even if one chooses inappropriately and inaccurately -- but for the sake of the argument -- to expound pessimistic consumer futures for those techs as currently defined, they will still change the world in amazingly positive ways.

Internet access in the future inevitably will include high altitude distribution systems. AI will be solving problems the nature of which we can't even imagine today. Many thousands of lives will be saved by improved driver assist systems even if you sullenly choose to assume that autonomous cars don't become a mass consumer item in the near future. And medical, safety, and a range of industrial applications for Google Glass and similar devices are already rapidly deploying.

This is what serious R&D is really all about. Our collective and personal futures depend upon the willingness of firms to take these risks toward building tomorrow.

We need far more firms willing to follow Google's R&D model in these regards, rather than being utterly focused on projects that might suck some coins quickly into the hopper, but do little or nothing to help their countries, their peoples, and the world in the long run.

Here in the U.S. we've willingly and self-destructively permitted short-term Wall Street thinking to flush much of our best R&D talent down the proverbial toilet.

And unless we get our heads on straight about this immediately, we'll be sending our futures and our children's futures down the same dark sewer.

We are far better than that.

Take care, all.

--Lauren--

Posted by Lauren at 03:12 PM | Permalink


February 07, 2015

Stop the Mass Hacks Attacks: Use Strong 2-Factor Authentication or Go to Jail!

I'm opposed to capital punishment for a whole slew of reasons, but every time I hear about a hack attack exposing masses of innocent persons' information, I find myself reconsidering that penalty -- not for the hackers, but for the irresponsible system administrators and their bosses who leave their operations so incredibly exposed when effective solutions are available -- and have been for quite some time.

OK, perhaps capital punishment for them would be going a bit too far, but I'll bet that spending a couple of years shackled in a cell with their new best friend "Bubba" would impress upon them the seriousness of the situation.

If we look at what is publicly known about the recent Sony hack, and the just announced and potentially much more devastating Anthem attack -- plus a whole list of other similar mass data thefts, a number of common threads quickly emerge.

First, these typically have nothing to do with failures of communications link security. They weren't attacks on SSL/TLS, they didn't involve thousands of supercomputer instances chomping on data for months to enable the exploits. Nor were they in any way the fault of weak customer passwords -- which are bad news for those customers of course, but shouldn't enable mass exploits.

By and large, what you keep hearing about these cases is that they were based on the compromise of administrative credentials.

What this means in plain English is that an attacker managed to get hold of some inside administrator's login username and password, typically via email phishing or some other "social engineering" technique.

When these successful attacks are belatedly reported to the affected customers and the public, they're almost always framed as "incredibly sophisticated" in nature.

That's usually bull, a way to try to convince people that "Golly, those hackers were just so incredibly smart that even our crack IT team didn't have a chance against them!"

Usually though, the attacks are incredibly unsophisticated -- they're simply relentless and keep pounding away until somebody with high level administrative access falls for them. Then, boom!

It's often argued that important financial and similar data should be kept encrypted -- and this is certainly true. But so long as system administrators have the need and ability to access data in the clear, encryption alone doesn't address these problems. Rigorous control and auditing systems to prevent unnecessary access to data en masse can also help ("Does Joe really need to copy 80 million customer records to a Dropbox account?") -- but this won't by itself solve the problem either.

The foundational enabling feature of so many successful mass attacks is failures of authentication protocols and processes in the broadest sense, and ironically, getting a handle on authentication is at least relatively straightforward.

Many firms aren't terribly interested in implementing even middling quality authentication, because they have faith in their firewalls to keep external attacks at bay.

This is an incredibly risky attitude. Over-reliance on firewalls -- that is, perimeter computer security -- is sucker bait, because once an intruder obtains high level administrative credentials, they can often plant software inside the firewall, and send data out in various ways with relative impunity. After all, most corporate firewalls are designed to keep outsiders out, not to wall insiders off from the public Internet.

To put this another way, a properly designed security system should in most instances be location agnostic -- employees should be able to work from home with the same (hopefully high) level of security they would have at the office. This isn't to say that secure deployment and administration of VPNs and associated systems are trivial, but they aren't rocket science, either.

Yet the real elephant in the room is at the basic authentication level, the usernames and passwords that most firms still rely upon as their only means of administrator authentication on their internal systems. And so long as this is the case, we're going to keep hearing about these mass attacks.

Yes, you can try to force employees to choose better passwords. But passwords that are hard to remember get written down, and forcing them to be changed too often can make matters worse rather than better. The problem cannot be solved with passwords alone.

And -- "surprise, surprise, surprise" (as Gomer Pyle used to say -- go ahead, Google him) -- the technology to drastically improve the authentication environment not only exists, but is already in use in many applications that arguably are of a less critical nature in most cases than financial and insurance data.

I'm speaking of 2-factor or "multiple factor" authentication/verification systems, the requirement that system access is based on "something you know" and "something you have" -- not on just one or the other.

One of the best implementations of 2-factor is that deployed by Google, which offers a variety of means for fulfilling the "what you have" requirement -- text messages, phone calls, phone apps, and cryptographic security keys.

Different forms of multiple factor have varying relative levels of protection. For example, the use of "one time passwords" generated by apps or hardware tokens is not absolutely phishing-proof, but is a damned sight better than a conventional username and password pair alone. Security keys, which can interface with user systems via USB or in some cases NFC (Near Field Communications) technology, are the most secure method to date, and a single key can protect a whole variety of accounts -- even at different firms -- while still keeping the associated credentials isolated from one another.
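The difference in phishing resistance described above, as an added example (not from the original post): a standard time-based one-time password (RFC 6238) carries no information about which site it was typed into, while a security key's response is bound to the origin the browser reports. The key here is a simplified model in which HMAC stands in for the per-site public-key signatures real keys use; the origins, secrets, and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample values (not from the original post).
REAL_ORIGIN = "https://bank.example"
LOOKALIKE_ORIGIN = "https://bank-login.example"
SHARED_SECRET = b"12345678901234567890"   # RFC 6238 test secret (SHA-1)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, submitted: str, now: float,
                step: int = 30, window: int = 1) -> bool:
    """Server-side check, tolerating +/- `window` time steps of clock drift."""
    counter = int(now) // step
    candidates = (counter + d for d in range(-window, window + 1))
    return any(hmac.compare_digest(hotp(secret, c), submitted)
               for c in candidates if c >= 0)


def otp_login(typed_on_origin: str, now: float) -> bool:
    """The user reads a code from the app and types it on `typed_on_origin`.

    The origin never enters the computation, so the server cannot tell
    where the code was entered; it only sees a valid code 10 s later.
    """
    code = totp(SHARED_SECRET, now)
    return verify_totp(SHARED_SECRET, code, now + 10)


class ToyKey:
    """Model of an origin-bound authenticator.

    Assumption: HMAC with a per-origin derived key stands in for the
    per-origin key pair and signature of a real security key.
    """

    def __init__(self, device_secret: bytes):
        self._device_secret = device_secret

    def _site_key(self, origin: str) -> bytes:
        # One device secret, a different derived credential per origin:
        # what one site holds says nothing about another site's credential.
        return hmac.new(self._device_secret, origin.encode(),
                        hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        """Credential handed to the site at enrollment (a public key in reality)."""
        return self._site_key(origin)

    def sign(self, origin_seen_by_browser: str, challenge: bytes) -> bytes:
        """Answer a challenge using the credential for the origin the browser reports."""
        return hmac.new(self._site_key(origin_seen_by_browser), challenge,
                        hashlib.sha256).digest()


def verify_assertion(registered: bytes, challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(registered, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def key_login(key: ToyKey, registered: bytes, origin_seen_by_browser: str) -> bool:
    """The real server issues a fresh challenge; the key answers for the
    origin the browser is actually on, whichever site that is."""
    challenge = secrets.token_bytes(16)
    response = key.sign(origin_seen_by_browser, challenge)
    return verify_assertion(registered, challenge, response)


if __name__ == "__main__":
    t0 = 1_000_000_000  # constructed timestamp
    key = ToyKey(secrets.token_bytes(32))
    enrolled = key.register(REAL_ORIGIN)
    print("OTP typed on real site accepted:      ", otp_login(REAL_ORIGIN, t0))
    print("OTP typed on look-alike site accepted:", otp_login(LOOKALIKE_ORIGIN, t0))
    print("Key used on real site accepted:       ", key_login(key, enrolled, REAL_ORIGIN))
    print("Key used on look-alike site accepted: ", key_login(key, enrolled, LOOKALIKE_ORIGIN))
```
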

And this brings us back to Bubba. While one never wants unnecessary mandates and legislation, sometimes you can't depend on industry to always "do the right thing" when it comes to security, when the intrinsic costs for the sloppy status quo are relatively low.

So while some countries and U.S. states do have laws about encryption of customer data, or notification of customers when breaches occur, there is little sense of closing the barn door before -- not after -- the cows have escaped.

After all, these careless firms usually have pretty easy outs when big breaches occur. They offer you free "credit monitoring" after the fact. Gee, thanks guys. They usually manage to pass along associated costs and fines to their customers. Another big thank you punch to the gut.

How to really get their attention?

Maybe they'd notice potential prison time for top executives of firms that deal primarily with sensitive consumer personal information (like banks, insurance companies, and so on) who voluntarily refuse to implement appropriate, modern internal security controls -- such as strong multiple factor logins -- and then suffer mass consumer data hacks as a result.

I'm not even arguing here and now that they must provide such systems to their individual customers -- though they really, seriously should. Nor am I suggesting such sanctions for failure of security systems that were deployed and operating competently and in good faith. After all, no security tech is perfect.

But I am putting forth the "modest proposal" that these types of firms be given some reasonable period of time to implement internal security systems including strong multiple factor verification, and if they refuse to do so and then suffer a mass data breach, the associated executives should be spending some time in the orange or striped jumpsuits.

Perhaps that prospect will light a fire under their you-know-whats.

Now, do I really believe it's likely that anything of this sort will actually come to pass? Hell no, after all, these are the kinds of firms that basically own our politicians.

But then again, if enough of these mass data thefts keep occurring, and enough people get seriously upset, the dynamic might change in ways that would have seemed fanciful only a few years earlier.

So despite the odds, my free advice to those execs would be to get moving on those internal multiple factor authentication systems now, even in the absence of legislative mandates requiring their use.

Because, ya' know, Bubba will be patiently waiting for you.

--Lauren--

Posted by Lauren at 09:40 AM | Permalink


January 15, 2015

Why Western Governments Want to Destroy Computer Security -- and Your Security Along the Way

It's always illuminating when the longtime enemies of security and free speech come out from the shadows, making their intentions and sensibilities crystal clear for all to see and understand.

Nope, I'm not talking about terrorists of whatever stripes -- we've always known how criminal scum like that thinks and how they desire to remake the world in the image of their tiny minds and 13th century mindsets.

Nor am I speaking of Putin, Kim Jong-un, Ali Khamenei, Xi Jinping, or the like -- the iron fist with which these leaders desire to control speech and suppress domestic dissent is all too obvious even at a glance.

No. I'm painfully forced to note the new threat matrix aimed squarely at shedding our free speech and security rights that is spewing squarely from Western governments -- from the U.S., U.K., and across the length and breadth of Europe.

It's tempting to suggest that this renewed push to strip us of these fundamental rights was triggered by the recent devastating terrorist attack in Paris -- but that horrendous event serves only as an excuse for a long simmering, long sought crackdown on Internet speech and security that has been smoldering for ages.

Going all the way back to 1993 and the fiasco of the proposed U.S. "Clipper Chip" reveals the U.S. intelligence community's fear of strong cryptography. And today, the EU's enthusiastic embrace of the nightmarish "Right to Be Forgotten" concept, and their push to apply that EU censorship system across the entire world, gives us clues to European motives along these lines.

So for anyone really paying close attention to these matters, the dots were already pretty much in place, certainly sufficiently so that the latest proposals from Western leaders shouldn't come as any kind of significant surprise.

And those repulsive proposals have been arriving hot and heavy over the last few days.

President Obama is reportedly to offer a vast expansion of criminal penalties for "computer hacking" broadly defined, and as part of that legislative package also to vastly expand the definition of hacking in the process.

If you thought the late Aaron Swartz really had the book thrown at him by DOJ, the new proposals would likely make that look like a paperback novel compared with a wall of ancient encyclopedias dumped on the heads of future defendants.

The details we've heard so far reportedly suggest that at the discretion of prosecutors, merely clicking the wrong link on a public site, or conducting perfectly legitimate cybersecurity research, could net you being shackled in a federal cell for a decade or more.

But it gets worse.

Western leaders, led by David Cameron of the UK, appear poised to demand that all Internet communications be subject to data retention and monitoring by governments, and that no applications be permitted to deploy encryption that the government could not disable or defeat on demand. Prime Minister Cameron has said this explicitly of late, and is seeking support from other European leaders and President Obama for this disastrous concept.

Let's be crystal clear about this. While the initial discussion might revolve around instant messaging apps, it's obvious that the logical and inevitable extension of this concept is to require the undermining of all Internet encryption. Email. PGP. SSL/TLS. The works.

And what you can't backdoor or otherwise undermine you simply outlaw, with criminal penalties draconian enough to scare off all but the most dedicated or masochistic of free speech and security activists.

The word "security" is critical here, because while these leaders are claiming that such proposals would enhance security to "protect us from the terrorists" -- in reality the proposed decimation of the foundational structures of cryptographic systems would put all of us -- our personal information, our power systems, our industrial facilities, and so many other aspects of our lives -- at the mercy of cyberattacks newly enabled by such weakened and so inevitably exploitable encryption ecosystems.

Without any exaggeration, this may easily be the most serious threat to Internet security -- and so to the entire global community that now depends on the Internet for so many facets of our lives -- since the first ARPANET messages clattered over a teletype at UCLA decades ago.

Legitimate and measured means to fight against the scourge of terrorism are essential. But those do not include trying to convert the secure communications of law abiding citizens -- billions of them -- into "tap on demand" portals for government snoops, no matter how ostensibly laudable or graphically terrifying those officials attempt to frame their arguments.

We've all come to expect the "government owns your communications" propaganda from Putin and his ilk.

To hear the same sort of twisted reasoning -- no matter how candy coated or sprinkled with excuses -- flinging forth from our Western leaders is disheartening in the extreme, and must not be accepted without vigorous challenge, debate, and due consideration for the enormous damage such proposals could easily wreak on us all.

--Lauren--
I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 02:25 PM | Permalink


January 08, 2015

The Charlie Hebdo Assassinations, Free Speech, and The Right To Be Forgotten

You can watch and hear it spreading virally around the world -- a chant of defiance against evil: "Je Suis Charlie" - "I am Charlie" -- crowds, signs, hashtags -- it's everywhere, and it deserves to be.

And in the wake of the hideous mass assassinations at the offices of Charlie Hebdo in Paris, suddenly France, Europe, and the rest of the world are very suddenly very enthusiastic indeed about free speech.

Lest there be any confusion about the matter, free speech -- even obnoxious, ridiculing speech -- even speech that sometimes is immensely disturbing and painful to innocent parties, is a fundamental aspect of this phenomenon. For provocation via free speech was Charlie's stock in trade, and the proud avocation of its murdered staff.

They had been physically attacked before. At least one now senior staff member -- killed in this attack -- reportedly had continuous police protection. Recorded employee interviews display clearly not only that Charlie's writers and cartoonists understood how offensive and disturbing much of their publication was to many persons, but also that they were fully cognizant of how potentially dangerous to themselves this could be. They routinely rejected outside suggestions, even by world leaders such as President Obama, that in some cases they were exacerbating problems rather than helping to solve them. For indeed, the freedom to say something doesn't necessarily mean that it's always appropriate to actually say it.

But except in a relatively minuscule number of situations where immediate, direct physical risk to individuals or property are involved, we must hold the right to free speech as inviolate, as one of the most fundamental of human rights.

For when speech is censored or otherwise controlled by governments, we lose access to the fundamental raw material -- information -- by which we can determine what's really going on around us affecting the lives of ourselves, our colleagues, and our loved ones.

It is entirely appropriate in the wake of the Paris horror that we also now hear people around the world quoting Evelyn Beatrice Hall's famous illustrative line from her 1906 biography of French writer, historian, and philosopher François-Marie Arouet -- Voltaire -- "I disapprove of what you say, but I will defend to the death your right to say it."

So it is notably ironic indeed that it's from Europe itself that the single most dangerous and potentially damaging anti-free speech abomination has spewed forth -- the EU's notorious "Right To Be Forgotten" (RTBF), since the very concept of RTBF -- which the EU is now proposing be applied as a global censorship mechanism against Google and other websites -- is utterly and absolutely in conflict with the entire basis of free speech.

Even if for the sake of the argument we momentarily ignore the slippery slope nightmare of RTBF-type laws in the hands of evil leaders and others whose goals are to cleanse history of search results of which they don't approve or appreciate, the foundational idea of RTBF, the false belief that it is possible to slice and dice and micromanage free speech without destroying it, is utterly specious and immensely dangerous.

If we are to stand as a world in support of free speech in the vein of the murdered patriots of Charlie Hebdo, we must also stand united against the gross hypocrisies represented by The Right To Be Forgotten and similar concepts around the world.

To do less would be to dishonor the many brave persons who have died in the name of free speech -- not only in Paris this week, but throughout history.

We are all Charlie. And we are all the Internet.

And free speech must remain truly free.

Take care, all.

--Lauren--
I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 09:15 AM | Permalink


December 24, 2014

To President Obama, Sony Pictures, and The World on this Christmas Eve

Once upon a time -- not so very long ago, because I can remember it quite clearly myself -- it was traditional to release films and shows for Christmas Day that celebrated the underlying message of peace and hope inherent in Christmas -- a message I believe we can all appreciate regardless of our religious affiliations, religious beliefs, or lack thereof. It's not often that I quote the New Testament or any religious works, but buried down in John 8:7 a key personage is quoted as making a rather profound statement about he who is without sin casting the first stone. And for Christmas, I would assert that this concept especially applies.

Anyone who truly believes that the celebration of a trash, adolescent "comedy" focused on assassinating the current (yes, dictatorial, murdering, evil, vile) leader of North Korea is likely to do anything other than make matters worse for the oppressed populations there -- well, you're living in the nightmare twin of Fantasyland.

And while none of us would celebrate the mess that the Sony hack has created for their innocent employees and ex-employees, it is also a fact that Sony's longstanding abysmal computer security practices left them wide open for such an attack -- regardless of whoever actually launched it (and a wide variety of technical observers, including myself, are highly skeptical that it was actually North Korea, despite convenient U.S. federal government claims).

So I for one am unwilling to reward Sony for an awful film concept -- I'd categorize any film that tried to make light of killing an actual, living human being that way (no matter how awful that person might be).

It is also the case that documents revealed in that hack -- there's no way to ignore them or get them back into the bottle -- have revealed Sony's complicity in an underground effort to effectively seize control of Internet freedom of communications, in furtherance of protecting their own perceived intellectual property rights -- collateral damage to everyone else be damned! Yet another reason not to reward or celebrate Sony.

So I have a modest suggestion. Instead of paying to see The Interview when Sony launches its limited debut on Christmas Day, head over to:

https://www.youtube.com/watch?v=8AFfPsvbyvs

There you will find (at least for now) the entire, uncut, wonderful 1962 presentation of Mr. Magoo's Christmas Carol. I've discussed this marvel in other venues in the past, but for now I'll simply note that this adaptation of Charles Dickens' A Christmas Carol still rates among the most popular versions, all these decades later. The songs, written by the Broadway team of Jule Styne and Bob Merrill -- who shortly thereafter collaborated on Funny Girl -- are no small part of its magic.

My original more extended comments about this program are at this 2011 G+ posting (the video clip linked to that posting appears to no longer be fully intact):

https://plus.google.com/u/0/+LaurenWeinstein/posts/C3DJ5sAY21k

So please. We all know that North Korea is probably the most horrible place to live on Planet Earth. But don't reward Sony for this awful mess that they themselves enabled through their own unforced errors.

I fully support those theaters and online venues that have chosen to make this movie available in the interests of free speech. But that doesn't mean you're required to watch it. A film like this is unlikely in the extreme to bring about positive change in a horrible place like North Korea. If anything, it could drive their insane leadership to even further internal repression.

So my personal recommendation is to ignore this film. Instead, fire up the Chromecast, or the Google TV box, or the Roku, or the Amazon Fire, or the smart TV, and watch Mr. Magoo's Christmas Carol on the big screen, from a beautiful print that TV viewers couldn't imagine ever seeing back in 1962!

Peace to you all for Christmas and this holiday season.

Take care, everyone.

--Lauren--
I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 08:51 AM | Permalink


December 18, 2014

How We're All Being Suckered Over the Sony Hack

By now you've heard that Sony has canceled (for the moment, anyway) the debut of a controversial "comedy" film concerning a plot to assassinate the current leader of North Korea. Given that North Korea indeed has an evil, vile government, Sony apparently thought that a vile, tasteless film was the appropriate response -- very 21st century Hollywood thinking, indeed.

Sony's suspension of "The Interview" -- ostensibly in response to the mass hacking of their corporate systems and associated threats -- has already become a new talking point among proponents of controversial legislation that would almost certainly ultimately give the government vast new abilities to monitor and control privately owned networks and computer systems -- "for those private firms' own good" of course.

Yeah. Of course. But who are we mere computer scientists and technologists to argue with the likes of world-renowned "cybersecurity expert" Newt Gingrich, who has already declared that the Sony hack and Sony's response means that the USA has "lost its first cyberwar." Wow, that sounds scary.

And hell, if Newt proclaims something, it must be true.

Or not.

The very nature of this situation suggests that we will never know the real truth of the matter.

But boys and girls, my gut feeling is that we're being seriously suckered.

First we're told that the Sony hack was incredibly sophisticated and brilliant, of the sort that (supposedly) only a well-funded nation-state could muster.

Then we start to hear from researchers who have looked at this in more detail, and we learn that the actual exploit was relatively simplistic and run-of-the-mill, rather sloppy in fact.

So how could such a crude exploit do so much damage to Sony?

Well, we've also now learned that -- reportedly -- Sony's computer security practices were well known within the company as being somewhere south of McMurdo Station -- that is, really abysmally sloppy and inept.

So you apparently didn't need a nation-state with vast cyberwar attack resources to pull this off. Perhaps a bored 18-year-old looking for "lulz" from his parents' basement would be more than adequate to the task.

Given all this, why are we seeing so much focus on North Korea? Why is the U.S. government saying that North Korea is "behind" the attacks -- or that at least some group "allied" with North Korea was responsible?

Or maybe just someone who has "heard" of North Korea?

Let's face it. Since this attack has been tied to a film that at the very least attempted to make sick "fun" of assassinating Kim Jong-un, one might say (if one was of a conspiratorial mindset about this) that it all almost seems "purpose built" as a mechanism to justify whatever new anti-North Korea sanctions have been simmering in the background.

And as I noted earlier, it also fits in very nicely with the "government needs to be in charge of private computer security" storyline as well.

However, we don't even need conspiracies to work this one out to a significant degree of confidence.

These kinds of cyberattacks are notoriously difficult to source. There are so many ways to confuse and obfuscate and false flag and misdirect -- that we're unlikely to ever know with certainty who was actually behind the Sony hack itself.

Yet we do know with certainty that there are commercial "cybersecurity" firms itching to leverage panic into sales, and government "cyberwar" divisions always on the prowl for excuses to further inflate their already obscenely bloated budgets.

So ... which is going to play more effectively into these narratives -- the 18-year-old in the basement lounge chair with a keyboard in their lap ... or a nightmarish cyberattack conveniently pinned on the megalomaniac leader of a pariah nation?

Yes, I could be wrong. Maybe we're actually getting the straight story on all this from our elected officials and their multitude of minions. Maybe this all really was a dastardly attack by North Korea on a mediocre Sony film.

Then again, there's a bridge over the East River connecting with New York City that you might want to buy as well.

Just sayin' ...

Be seeing you.

--Lauren--
I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 01:16 PM | Permalink


October 24, 2014

Stop the Ebola Witch-Hunt!

There's a wonderful old 1963 episode of the classic original "The Outer Limits" series called "The Sixth Finger."

It stars David McCallum as a man who is artificially and rapidly evolved into the human of the far future, both in terms of physical appearance and vastly enhanced intellect.

At one critical juncture, as he surveys the pitiful confusion of the ordinary humans who want to destroy him for being different, he proclaims, "Your ignorance makes me ill and angry."

But you don't have to be a super-intellect to feel both ill and angry at the spectacle of the current Ebola witch-hunt, being largely orchestrated by so-called radio and television "journalists" and lowlife politicians, with masses of ordinary folks being whipped into a frenzy of hate and prejudice as a predictable (and we may reasonably assume, intentional) result.

The worst offenders are the usual sycophant suspects. Moronic right-wing talk show hosts like Rush Limbaugh, the FOX News clowns, and the rest of the theocratic, anti-science, anti-health care, racist boosters of the rich and haters of the poor. You can tune them in anytime, ranting that Ebola is all a plot by Obama, that we should ban anyone who has been in Africa, and that we're about to be destroyed by an Ebola mutated into an airborne horror.

Sad to say, CNN -- once a great news organization -- now spinning out of control into the pit of mediocrity under the reins of Jeff Zucker, has been a particular offender, going wall to wall for ratings with breathless, panicked Ebola stories, only sidetracking into other items if they're bloody enough or feature globe-trotting chefs or the new retread of "Dirty Jobs." In fact, one of the few sane recent commentaries I've seen on cable news lately about Ebola actually was on FOX News -- proving once again the old adage about a stopped clock not being incorrect quite all of the time.

And the Internet is now playing a major role as well. Blogs and other social media are being used to spread completely false rumors about Ebola outbreaks and deaths in the U.S., or attempting to capitalize on fake Ebola cures. Facebook and Twitter are being used today to vilify a doctor back from treating Ebola patients who has now tested positive for the disease.

Naturally, these purposeful attempts at panicking the populace are having nightmarish, sickly effects. One of those effects is to terrify health care workers, who know all too well what the sorts of demands now coming from talk show hosts, politicians, and panicked citizens would mean in terms of making a horrible situation in Africa even worse.

Attempts to ban persons who have traveled or transited from Africa would decimate relief efforts, as would country-specific travel bans in general. Demanding that every symptom-free health care worker who has been trying to help Ebola patients be quarantined upon return is not only unnecessary but would vastly undermine the willingness of health care workers to volunteer for such efforts in the first place. Meanwhile, where Ebola really is endemic -- in Africa -- it would continue to spread in the horrendous living conditions and primitive health care environment there -- putting ever more people in Africa at genuine risk.

Now, get this through your thick skulls, you idiot Ebola panickers and profiteers ...

The only people who get Ebola are ones who are in direct, close contact with persons in the throes of major Ebola symptoms -- like vomiting, horrible coughing, and other symptoms you wouldn't want to be anywhere near even if all they represented was a case of the flu.

It is not an epidemic here. It is not going to be an epidemic here.

And speaking of the flu -- now that's something you should be worried about! Thousands die every year from the flu here in the U.S., many for lack of simple vaccinations (thank the anti-vaccine nutcases for contributing to that). Unlike Ebola, the flu is airborne and easily spread.

Oh yes -- and ironically, the same GOP fanatics so desperate to repeal the Affordable Care Act ("Obamacare") that has provided millions with insurance and preventative care against diseases such as the flu, are the same hateful creatures who are out there now seemingly demanding draconian restrictions against anyone who even utters the word "Ebola" in public.

And just to be clear, this isn't just a GOP-orchestrated witch-hunt -- though they're the masters of the method. There are also Democratic politicians who are playing the Ebola scare card for all it's worth.

Given the toxic political landscape, it's six of one and half a dozen of another (and I don't mean "Outer Limits" fingers in this case) when it comes to reining in our politicians on this. Ebola is their natural element for exploitation. You might as well try to keep a bear away from a beehive dripping with honey.

But there is one thing I believe we can do. As I noted earlier, social media is being widely abused to spread Ebola panic and prejudice. When you see this occur, I urge you to call out the perpetrators publicly for what they are. Don't sit silently and let them get away with their hateful garbage.

Yes, this means having a thick enough skin to deal with the inevitable trolls, but this is a situation where we're talking about real lives being ruined not only by Ebola itself, but by purposefully orchestrated false stories and resulting panic, often using the Web as its carrier.

Thankfully, the Internet is still one place where we individually and collectively still have some real control.

Take care.

--Lauren--
I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 05:43 PM | Permalink


