Dear InfoSec & Tech Journalists …

Get to the point early. If you can’t, rewrite it so you do. Don’t make yourself part of the story. How you got here is useless exposition.

You’re a blogger? The same holds true. As a reader I don’t care about the subtleties differentiating the two.

(Sub dermal) Skin Deep

Since the mid-90s I struggled to understand why anyone outside of a religious or military obligation would get a tattoo. To me, they’re like a permanent Velvet Elvis.

When I moved to Japan I saw kindred spirits in the older generations’ disdain for them. Of course, their concern is the Yakuza. Then I saw how some Buddhist monks reacted to tattooed Westerners and jumped on that, but more often than not that was due to some other transgression like filling a water bottle where one should be looking to cleanse themselves.

Yet my brothers have them. Odds are that at least two of my sisters do, too. I have friends and trusted advisors who decided the same way. Girlfriends, transitory and longer lasting, have had them, too.

I still don’t like tattoos. I think they’re short-sighted narcissism made long lasting just under the dermal layer.

Here’s the thing: like with my opinions on religion and politics, what I think about tattoos is mine. I acknowledge that I have an irrational disdain for them, and unfortunately it hurt some relationships I value greatly. Your mileage may vary.

I am learning to let it go, though it is a process.

Hard Drives Susceptible to Loud Music? Yeah, We Know

Damaging Hard Drives with an Ultrasonic Attack

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive.

I don’t know why this is news. My university friends and I knew this in the early 90s, and I think it was common knowledge at the time. Did the sound have to be ultrasonic? No. But we knew a loud party could screw up the hard drives we had in our desktop computers. As low-end bass became more and more of a thing, it was even easier to see the connection.

We played audio cassettes at parties to deal with this very issue.

All Women on Deck at RESET Cyber Conference


With more than 15 female experts in cybersecurity scheduled to speak on the evolving cyber threat landscape, RESET, hosted by BAE Systems, claims to be challenging the status quo with its all-female speaker lineup.

Scheduled for 14 June at the Kennedy Lecture Theatre, University College London (UCL), the conference is open to all security professionals and will “provide in-depth knowledge of destructive cyber-attacks and criminal operations, threat hunting and strategy, and human centric security. In panel discussions, we consider public and private roles in defending cyber space and the risks of securing the un-securable as new technologies emerge.”

What is unique about this event is the speaker lineup. BAE Systems threat intelligence analysts Kirsten Ward and Saher Naumaan have launched the event not only to bring professionals together to engage in a discussion about the evolving threat landscape, but also in part to showcase the impressive women who are often not invited to speak at industry conferences.

Click through to get all the details.

GDPR Victory Cake? Really?

Now that GDPR is finally done, startups are celebrating with cakes

Let them eat cake. They deserve it.

Do they? Really?

Tech companies around the world scrambled to meet the GDPR deadline to provide “freely given, specific, informed and unambiguous” consent to share their personal data with companies. You might have seen their desperate pleas in your inbox. Under the European Union’s General Data Protection Regulation—perhaps the world’s most stringent data protection rules—companies that fail to comply are on the hook for up to €20 million ($23 million), or 4% of their worldwide annual revenue of the prior financial year.

Wait a second … can #GDPR ever be considered “done” in any meaningful way? There’s the initial visibility and focus, like with #SOX and #HIPAA in the US. Eventually, as with all fads, they fade in the public consciousness. Yet they no less require compliance.

In the short term, companies are focused on not being a focus. Putting forth a good faith effort toward compliance is good enough. Maybe the celebrations and cakes are focused on the fact these companies probably “outran the bear”, where the bear represents the global behemoths like Google, Facebook, Microsoft, et al.

In the longer term, no entity can reasonably consider themselves safe if they fall in the GDPR realm. I can see scenarios where some organizations leave the EU because no other company can realistically enter into the market and provide what they did under GDPR’s rules.

In short, GDPR is no magic bullet. There are costs that will need to be paid for it.

Your Subscription Model Does Not Match Your Value

Here’s the problem we all face: you use an app and pay for it, and every so often you drop some more cash on a major upgrade. Then the developer decides to go to the subscription model, and what they want per month exceeds the value and utility you get from the app. Yet there is no good replacement for the utility you glean.

Let’s be clear: unless the developer of the app delivers more value and utility quickly under the subscription model (where subscribers are paying more) and keeps up a reasonable pace, the model only benefits the developer. It might benefit the platform, like Apple and Google (I don’t know much about that bit).

Now the app developer moved from selling a piece of software to providing a service. The service is fixed and finite in the scope and capability of the software, but that is the very service being sold.

I like the idea of a staged subscription model. It might be cumbersome for the developer, but I think it works out best for the user.

  • Version n-1 is free, full featured for that version and unlimited until version n+1 is released. Users can only expect security related patches as best effort.
  • Version n is paid one time, let’s say for $10. When version n+1 is released this becomes the free version. This gets bug and security fixes.
  • Version n subscription is $1.99 per month or $20 annual. This gets everything in the one time paid version plus new features that will be part of version n+1.

The idea is that n-1’s development is already paid for, so use it as a way to introduce people to your product. Version n should be paying for its upkeep and maybe some small piece of future development where the subscription option is very much about the next version.

Release timing is important. In this model I would expect a new release every 12 to 18 months. The subscription model always moves to the next release, the flat fee pays to move to the new release (maybe at a discount for a limited time) or else goes to the free release. Free folks always upgrade to the free release.

All of this is predicated on the developer having a solid business plan and that the Apple App Store can accommodate all of this in a useful way. Please feel free to adjust and fine tune or point out where I am wrong.

Overboard Evangelizing & Button Pushing

I was in Tokyo’s Yoyogi Park on a recent Saturday enjoying the cool weather before the rains come. I found a delightful spot just under tree branches for my blanket where I could enjoy my book while taking time to take in all the joy on display in front of me.

The Laos festival was taking place in the event space, so I walked over to grab food and bring it back. Delightful!

My park departure was a miniature play of my years in Oklahoma.

  • There was a guitarist playing & singing hymns
  • There was a duo playing Christian music
  • There were people handing out Christian pamphlets
  • There were friendly looking evangelicals on hand & ready to convert

The biggest similarity to my time in Oklahoma was the confrontation.

NOTE: Your faith is yours. I don’t have the monopoly on wisdom or enlightenment or whatnot. If Christianity or Judaism or Islam or Buddhism or whatever is your jam & helps you be a better person in and out of your community, then that’s good for you. I don’t care, in so far as that is your journey. Don’t try to make it mine.

Here is where I get irritated: one of the Christian folks handing out fliers opted to engage with me. To be clear, I had headphones in my ears and moved to the other side of the space to avoid this dude. He left his station to come talk at, not to, me.

It did not go well, for either of us. I am disappointed that I was not able to maintain my composure while the other fellow was losing his. Since then I’ve lost my patience a few more times in scenarios where I would normally not have a problem. I’ll get my rationality back under me, but I don’t like how easily or for how long I lost it.

Back in the day I had a director who reveled in pushing people’s buttons – especially mine. By “pushing buttons” I mean saying things in a way to elicit a strong reaction regardless of the speaker’s own thoughts, feelings, or beliefs. The undisciplined respond in predictable ways. The disciplined don’t, and use the opportunity to learn something about themselves and the speaker.

It goes back to the idea that emotion and belief, in the absence of reason and logic, are powerful to the point of blindness but only useful in one direction. For example, someone who is fanatically against abortion will not be a good advocate for gun ownership or the death penalty. This is not because they would seem mutually exclusive. It is because a true partisan toward one will not have the energy to devote to the others.

In my former director’s use, it was about finding the blind spots and better fleshing out rational arguments. Ultimately we had to convince business and finance people about the value of IT and Security in a time when there was much less visibility on the latter and IT was seen as a money pit. That, and he liked doing it, especially when we knew he was doing it and yet we easily fell into the trap.

Detroit Locavorism

Farm-to-Table in the Shadow of Downtown Detroit

“It’s a full-circle thing,” Ms. Williams said. “We want to be a no-waste kitchen.”

Chefs take up locavorism for all kinds of reasons, but in Detroit the one people talk about most is the importance of keeping money in the area. Using up scraps is another side of the issue: A penny saved is a penny earned, and a penny earned is a penny that can be reinvested in a city that outsiders have repeatedly left for dead. And hiring native Detroiters is still another side. The staff, both in the dining room and the kitchen that’s wide-open for inspection at the end of the bar, is notably diverse.

(Via the New York Times)

I ❤️ this so hard. Might have to add this to my upcoming homecoming trip. I have some wonderful if foggy memories of Corktown.

Cuteness in bus form

"One size fits all" hats versus my gravity-altering massive head