Posts

Friday Morning: Mi Ritmo

Oye como va
Mi ritmo
Bueno pa gozar
Mulata

— excerpt, Oye Como Va by Tito Puente

This Latin jazz song was on the very first album I owned — Santana’s Abraxas. I have no idea what possessed my father to select this way back in 1971 because he’s not musically inclined. I prefer to think he was persuaded by the music store staff to buy it for me rather than think the cover art did it for him. To this day I don’t dare ask; I’d rather live with my illusion.

Perhaps he simply liked Oye Como Va by Tito Puente and decided I needed it. Maybe that’s what he wanted to listen to when I played the album over and over again, ad nauseam. The song is still easy to listen to even when played by a septuagenarian, isn’t it? Though Puente probably still felt the same way about this song in his last live performance as he did when he first recorded it in 1963.

The personal irony I’m certain my father never considered: the last line is a reference to a mixed race “mulatto” woman. That’s me.

Vamos, amigos!

Wheels

  • South Korea frustrated by Volkswagen’s response to Dieselgate (Yonhap) — Hard to tell how many VW passenger diesel cars with the emissions controls defeat tech have been sold in South Korea to date. Last year’s sales of 35,700 suggest VW needs to exert itself a little more than offer to recall a total of 125,000 cars.

Technology Trends

  • Breakthrough in memory technology could change computing dramatically (IBM via YouTube) — I’m still trying to wrap my head around this; could be the simplicity of the underlying science seems so obvious I can’t understand why it wasn’t discovered sooner. Using polycrystalline rather than amorphous material, more data can be stored and in a manner which is stable and not prone to loss when electricity is cut. This technology could replace DRAM at flash memory prices. Imagine how quickly systems could begin processing if they could avoid seeking programs and data.
  • Google’s annual I/O event chary on enterprise computing (ComputerWorld) — Wonder if Google executives’ expressed intent to focus on the enterprise is a veiled threat directed at Oracle? The I/O annual conference didn’t have enough enterprise applications to satisfy the curious; is Google holding back? Or are there pending acquisitions to fill this stated intent, ones not yet ready for publication? I wouldn’t be surprised to see Google launch something on par with Salesforce or Zoho very soon. Google Drive components already compete with or are integrated with some of those Zoho offers in its small business offering.
  • Android’s coming to Chromebooks — finally! (Google Blog) — I’ve put off buying another laptop until this happened, guess I’ll look at the first three models on which developers will focus their development. The applications available for Android phones have been mind-boggling in number; it’d be nice to have the same diversity of selection for laptops. And then maybe desktops in the not-too-distant future? That would really make a dent in enterprise computing.

Cybersec

  • Security camera not password protected? Police may be able to tap it (Engadget) — Love the subhead: “Don’t worry, it’s supposed to be for a good cause.” Just add the invisible snark tag. Purdue University researchers found surveillance cameras could be tapped to allow law enforcement to monitor a crime scene. I don’t know about you but this sounds like a backdoor, not a convenient vulnerability. If the police can use it soon, who might already be using it?
  • Qualcomm mobile chip flaw leaves 60% of Android devices exposed (Threatpost) — Not good, especially since this boo-boo may affect both oldest and newest Android versions. But a malicious app is required to take advantage of this flaw, unlike the Stagefright exploit. Android has already issued a patch; the problem is getting it to all affected devices.
  • LinkedIn’s 2012 breach yielded info on more than 100 million accounts (Motherboard) — Only 6.5 million accounts were initially breached — but that’s only the first batch published online. The actual haul from 2012 was at least 117 million accounts, now for sale for a mere five bitcoins or $2200. Are you a LinkedIn user? Time to check Have I Been Pwned? to see if your account is among those in the breach.

Climate Crises

  • Record high temp of 51C (124F) recorded in India (The Register) — Drought continues as well; article notes, “Back in India, relief from the heat is expected when the annual monsoon hits. The cooling rains generally arrive in mid-June.” Except that with a monster El Nino underway, the amount of rain and cooling will depart from average.
  • Polymath Eleanor Saitta considers climate change and comes to some grim, mortal conclusions (Storify by @AnthonyBriggs) — If you’re a policymaker, you’d better worry about dealing effectively with climate refugees and deaths in the millions. Maybe billions. Refugees from Syria will look like a minuscule blip. If you’re not terrified, you should be.

Looks like it’s going to be a lovely late spring weekend here — hope you’re going to have a nice one, too. See you Monday!

Thursday Not-Morning: Stupid

Jeepers. I need hip waders. There is just so damned much stupid over the last 24 hours. It’s a veritable flood.

The Future is here, and it’s stupid

  • Law firm “hires” first artificially intelligent lawyer (Futurism) — Oh how nice. Treat human misery like a fungible commodity by using IBM’s AI ‘lawyer’ Ross to process bankruptcies. Want to bet it’s cheaper to hire paralegals to do the work Ross does? Want to bet Baker & Hostetler’s Ross will be replaced by a competing internet-based firm processing bankruptcies even more inexpensively? Hey Congress: doesn’t it say something to you about the number and kind of bankruptcies when a ‘robot’ can process them?
  • Facial recognition expected to be $6 billion by 2020 (Curatti) — No invasion of privacy issues there, nor any security risks whatsoever. No chance at all two or more people have the same facial characteristics in terms of dimension.
  • Chinese tech company prepares for future where our consciousness lives forever in a computer (Bloomberg) — This is really creepy, and yet very much possible in the near-term future. If AI can nearly reproduce you from your social media, why can’t it replicate your consciousness?

The Past remains, and it’s stupid, too

  • Staffing company Portico sent home a receptionist for not wearing high heels (BBC) — A petition emerged in response, asking Parliament to outlaw such policies; 100,000 signatures mustered overnight. They’ve reversed their position today after a furor arose about their policy requiring women to wear 2-4 inch high heels on the job at a PricewaterhouseCoopers facility. PwC says it’s not their policy. Come on now — it’s 2016, not 1956. It’s just plain stupid to ask workers of a specific gender to wear attire for looks — attire which causes discomfort and is not recommended by doctors.
  • Belgian beer company changes iconic American brand name to pander to voters (AdAge) — Take one of the oldest and most recognized U.S. brands on which hundreds of millions of dollars have been spent to entrench an immigrant’s name into the American psyche. Then remove it and replace it with the country’s name for six months. My gods, the stupid on this one. Fortunately a West Michigan brewer is taking advantage of this opportunity with ‘Murica! I could use one right about now.
  • Some SAP accounting software users attacked because they screwed up in 2010 (The Register) — Talk about time travel. I’m sure there’s some folks who’d like to go back to 2010 and execute that security patch correctly this time before hackers smite their business to smithereens.

The Present’s no gift

  • Don’t feed the sea turtles (Scientific American) — Surprise! When tourists feed junk food to sea turtles, the turtles’ health mirrors that of humans fed the same crap.
  • Study: Ransomware cybercriminals provide better, faster service than internet service providers (Nature) — Not even a rational comparison next to Comcast. Seems like there’s a market opportunity here; if crooks held a machine hostage AND offered a PC tune-up, would PC owners happily fork over cash? Hmm.
  • Marijuana use during pregnancy increases risk for pre-term birth (ScienceDaily) — What a surprise that a psychoactive drug combined with toxic by-products from smoking a plant product might have negative effects on pregnancy.

Ugh. Hope tomorrow is kinder to us. See you in the morning!

Could Corporations Include CISA Non-Participation in Transparency Reports? Would It Even Mean Anything?

I confess I don’t know the answer to this question, but I’m going to pose it anyway. Could companies report non-participation in CISA — or whatever the voluntary cyber information sharing program that will soon roll out is eventually called — in their transparency reports?

I ask in part because there’s great uncertainty about whether tech companies support or oppose the measure. The Business Software Alliance suggested they supported a data sharing bill, until Fight for the Future made a stink, when at least some of them pulled off (while a number of other BSA members, like Adobe, IBM, and Siemens, will surely embrace the bill). A number of companies have opposed CISA, either directly (like Apple) or via the Computer and Communications Industry Association. But even Google, which is a CCIA member, still wants a way to share information even if they express concerns about CISA’s current form. Plus, there’s some indication that some of the companies claiming to oppose CISA — most notably, Facebook — are secretly lobbying in favor of it.

In the wake of CISA passing, activists are wondering if companies would agree not to participate (because participation is, as Richard Burr reminded over and over, voluntary, even if the key voluntary participants will also be bidding on a $50 billion contract as CISA rolls out). But I’m not sure what that would even mean.

So, first, would companies legally be permitted to claim in their transparency reports that they did not voluntarily participate in CISA? There are a lot of measures that prohibit the involuntary release of information about companies’ voluntary participation in CISA. But nothing in the bill seems to prohibit the voluntary release of information about companies’ voluntary non-participation.

But even if a company made such a claim — or claimed that they only share cyber indicators with legal process — would it even be meaningful? Consider: Most of the companies that might make such a claim get hacked. Even Apple, the company that has taken the lead on pushing back against the government, has faced a series of attacks and/or vulnerabilities of late, both in its code and its app store. Both any disclosures it made to the Federal government and to its app vendors would be covered by CISA unless Apple deliberately disclosed that information outside the terms of CISA — for example, by deliberately leaving personally identifiable information in any code it shared, which it’s not about to do. Apple will enjoy the protections in CISA whether it asked for them or not. I can think of just two ways to avoid triggering the protections of CISA: either to only report such vulnerabilities as a crime report to FBI (which, because it bypassed the DHS, would not get full protection, and which would be inappropriate for most kinds of vulnerability disclosures), or to disclose everything to the public. And that’s assuming there aren’t more specific disclosures — such as attempts to attack specific iCloud accounts — that would legitimately be intelligence reports. Google tells users if they think state actors are trying to compromise their accounts; is this appropriate to share with the government without process? Moreover, most of the companies that would voluntarily not participate already have people with clearance who can and do receive classified intelligence from the government. Plus, these companies can’t choose not to let their own traffic that transits the communications backbone be scanned by the backbone owners.

In other words, I’m not sure how a company can claim not to participate in CISA once it goes into effect unless it doesn’t share any information. And most of the big tech companies are already sharing this information among themselves, they want to continue to do that sharing, and that sharing would get CISA protections.

The problem is, there are a number of kinds of information sharing that will get the permission of CISA, all of which would count as “participating in it.” Anything Apple shared with the government or other companies would get CISA protection. But that’s far different than taking a signature the government shares and scanning all backbone traffic for instances of it, which is what Verizon and AT&T will almost certainly be doing under CISA. That is, there are activities that shouldn’t require legal process, and activities that currently do but will not under CISA. And to get a meaningful sense of whether someone is “participating” in CISA by performing activities that otherwise would require legal process, you’d need a whole lot of details about what they were doing, details that not even criminal defendants will ever get. You’d even need to distinguish activities companies would do on their own accord (Apple’s own scans of its systems for known vulnerabilities) from things that came pursuant to information received from the federal government (a scan on a vulnerability Apple learned about from the government).

We’re never going to get that kind of information from a transparency report, except insofar as companies detail the kinds of things they require legal process for in spite of CISA protection for doing them without legal process. That would not be the same thing as non-participation in CISA — because, again, most of the companies that have raised objections already share information at least with industry partners. But that’s about all we’d get short of really detailed descriptions of any scrubbing that goes on during such information sharing.

How Did Two CISA Beneficiaries and Numerous Agnostics Come to Support CISA?

When the Business Software Alliance released this letter a while back, I was perplexed.

In addition to its call for Congress to pass a set of designated bills, including ECPA reform, that would give assurances to international customers that US services weren’t more exposed to US spying, the letter also called for passage of cybersecurity sharing legislation.

Cyber Threat Information Sharing Legislation will promote cybersecurity and protect sensitive information by enabling private actors in possession of information about vulnerability and intrusions to more easily share that information voluntarily with others under threat, thus enabling the development of better solutions faster.

As TechDirt noted, the letter didn’t name any particular cyber sharing bill, but there are three and all expand US government access to data. Even if some or all tech companies that make up BSA wanted such a bill, it seemed odd to include it in a call for legislation that would reassure international customers. I asked around and the impression was that it was just a convenience to include CISA-type legislation (but why include it at all?).

So then Fight for the Future went to work. It got thousands of activists to complain to the companies directly about their stated support for CISA-type legislation. It also announced its intention to stop using Heroku, which is part of Salesforce, as its host.

That led first Salesforce then BSA more generally to deny they had ever supported CISA. The BSA language pretended their original letter called for balanced legislation. And it also claimed to consistently advocate for strong privacy protections on such legislation — which of course they didn’t do in the letter.

There have been questions about our views of the current CISA legislation. For clarity, BSA does not support any of the three current bills pending before Congress, including the Cybersecurity Information Sharing Act (CISA), the Protecting Cyber Networks Act (PCNA), and the National Cybersecurity and Communications Integration Center (NCCIC) Act.

Consistent with this view, BSA’s September 14 data agenda letter to Congressional leaders identified five key areas where Congress can pass legislation to strengthen the policy environment around digital commerce, including voluntary information sharing, and highlighted the need for balanced legislation in this area.

BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress.

We will continue to work with the Congress, others in industry and the privacy community to advance legislation that effectively deals with cyber threats, while protecting individual privacy.

All of which raises more questions about how the endorsement for cyber sharing, at a time when all the cyber sharing bills before Congress don’t balance privacy interests, got into the letter.

Especially given the signatories. The signatories include companies — like Apple — that have fought hard to protect their customers’ privacy. It included several — notably Adobe and Siemens — that could significantly benefit from any kind of immunity, given that their products are among the most consistent targets of hacks. Most interesting, it includes several companies — including IBM and Symantec — that will benefit when a CISA bill makes it easier for cybersecurity contractors to get more data with which to serve customers.

Indeed, the language from the original bullet supporting cyber sharing — “enabling private actors in possession of information about vulnerability and intrusions to more easily share that information voluntarily with others under threat” — might well describe how cybersecurity contractors will get a boost from CISA.

Some members of BSA probably do, individually, support CISA for the immunity and data it would give them. Others neither need it nor want the stigma.

So how did it get in this letter?

CIA’s Cloud Storage Just Bought the WaPo

You’ve no doubt heard that Jeff Bezos just bought WaPo.

Which means the same guy who owns WaPo also provides the CIA with its new cloud storage (unless IBM succeeds in their bid to challenge it).

I’m sure this will have an utterly salutary effect on the news business.

The Shell Game: What is Microsoft Doing?

[graphic: Google Finance]


What is this so-called tech company doing?

Microsoft sees itself as going head-to-head with Apple and Google. The 10-year chart above comparing Microsoft, Apple, and Google stock tells us this has been a delusional perception.

It also sees itself in competition with IBM. Yet IBM surpassed it in market value two years ago, even after nearly a decade of ubiquity across personal computers in the U.S. and in much of the world. (IBM is included in that chart above, too.)

One might expect a sea change to improve performance, but is the shell game shuffling of Microsoft executives really designed to deliver results to the bottom line?

Tech and business sector folks are asking as well what is going on in Redmond; even the executive assignments seemed off-kilter. One keen analysis by former Microsoft employee Ben Thompson picked apart the company’s reorganization announcement last Thursday — coincidentally the same day the Guardian published a report that Microsoft had “collaborated closely” with the National Security Agency — noting that the restructuring doesn’t make sense.

The new organization pulls everything related to Windows 8 under a single leader, from desktop to mobile devices using the same operating system, migrating to a functional structure from a divisional structure. There are several flaws in this strategy Thompson notes, but a key problem is accountability.

To tech industry analysts, the new functional structure makes it difficult to follow a trail of failure in design and implementation for any single product under this functional umbrella.

To business analysts, the lack of accountability means outcomes of successful products hide failed products under the functional umbrella, diluting overall traceability of financial performance.

But something altogether different might be happening beneath the umbrella of Windows 8.

There’s only one product now, regardless of device — one ring to rule them all. It’s reasonable to expect that every single desktop, netbook, tablet, cellphone running on Windows 8 will now substantially be the same software.

Which means going forward there’s only one application they need to allow the NSA to access for a multitude of devices.

We’ve already learned from a Microsoft spokesman that the company informs the NSA about bugs or holes in its applications BEFORE it notifies the public.

For years there have been reports of numerous backdoors and holes built intentionally and unintentionally into Microsoft’s operating systems, from Windows 98 forward, used by the NSA and other law enforcement entities.

Now Skype has likewise been compromised after Microsoft’s acquisition of the communications application and infrastructure for the purposes of gathering content and eavesdropping by the NSA, included in the PRISM program.

Given these backdoors, holes, and bugs, Microsoft’s Patch Tuesday — in addition to its product registration methodology requiring online validation of equipment — certainly looks very different when one considers each opportunity Microsoft uses to reach out and touch business and private computers for security enhancements and product key validations.

Why shouldn’t anyone believe that the true purpose of Microsoft’s reorganization is to serve the NSA’s needs?

Tech magazine The Verge noted with the promotion of Terry Myerson to lead Windows — it’s said Myerson “crumples under the spotlight and is ungenerous with the press” — Microsoft doesn’t appear eager to answer questions about Windows.

As ComputerworldUK’s Glyn Moody asked with regard to collaboration with the NSA, “How can any company ever trust Microsoft again?”

If a company can’t trust them, why should the public?

The capper, existing outside Microsoft’s Windows 8 product: Xbox One’s Kinect feature is always on, in order to sense possible commands in the area where Kinect is installed.

ACLU’s senior policy analyst Chris Soghoian tweeted last Thursday, “… who in their right mind would trust an always-on Microsoft-controlled Xbox camera in their living room?”

One might wonder how often the question of trust will be raised before serious change is made with regard to Microsoft’s relationship with the NSA. With political strategist Mark Penn handling marketing for the corporation and Steve Ballmer still at the helm as CEO, don’t hold your breath.

We’re Losing More Tech Jobs Than Socks Jobs to China

Some of the more amazing stories about China’s domination of manufacturing these days pertain to the cities in China that make most of just one of the world’s consumer goods, like socks.

But a new study from the Economic Policy Institute makes it clear we haven’t just lost textile jobs to China, we’ve lost high tech manufacturing jobs too. The study finds, for example, that since China joined the WTO, the outsourcing of tech manufacturing to China has been the biggest driver of our trade deficit with China.

Within manufacturing, rapidly growing imports of computer and electronic parts (including computers, parts, semiconductors, and audio-video equipment) accounted for more than 44% of the $194 billion increase in the U.S. trade deficit with China between 2001 and 2010. The growth of this deficit contributed to the elimination of 909,400 U.S. jobs in computer and electronic products in this period. Indeed, in 2010, the total U.S. trade deficit with China was $278.3 billion—$124.3 billion of which was in computer and electronic parts.

Global trade in advanced technology products—often discussed as a source of comparative advantage for the United States—is instead dominated by China. This broad category of high-end technology products includes the more advanced elements of the computer and electronic parts industry as well as other sectors such as biotechnology, life sciences, aerospace, and nuclear technology. In 2010, the United States had a $94.2 billion deficit in advanced technology products with China, which was responsible for 34% of the total U.S.-China trade deficit. In contrast, the United States had a $13.3 billion surplus in ATP with the rest of the world in 2010.

As a result, those parts of the country where such tech jobs had been concentrated have been inordinately affected.

The trade deficit in the computer and electronic parts industry grew the most, displacing 909,400 jobs—32.6% of all jobs displaced between 2001 and 2010. As a result, the hardest-hit congressional districts were in California, Texas, Oregon, and Massachusetts, where remaining jobs in those industries are concentrated.

[snip]

The three hardest-hit Congressional districts were all located in Silicon Valley in California, including the 15th (Santa Clara County, 39,669 jobs, 12.23% of all jobs in the district), the 14th (Palo Alto and nearby cities, 28,866 jobs, 9.0%), and the 16th (San Jose and other parts of Santa Clara County, 26,478 jobs, 8.72%).

Now, to a great degree, we already knew this. IBM sold its PC division to China in 2004. And whereas stories of abusive conditions for those who make branded goods used to focus on sneakers, they now focus on Apple’s products.

But it also ought to be a wake-up call. It took some time for the upheaval caused by NAFTA to thoroughly devastate the Rust Belt and parts of the south. And while CA may be large and diverse enough to recover from the loss of these jobs, in other places (surprisingly, perhaps, NH, which lost the highest percentage of its jobs to China), they’re not.

Plus, there’s the whole problem of lost capabilities. As this manufacturing goes to China, we lose the symbiotic effect of having people manufacture–say–iPhones down the road from the folks designing the new ones. Thus, while in the short term it may be easy for Steve Jobs to churn out new products sending this stuff to China, in the post-Steve Jobs era, particularly with this lost symbiosis, it may be harder to continue to innovate.

But don’t worry. I’m sure working class Californians will be just as happy in their service jobs as Michiganders are. Which is to say, not that much.