… in which I read 2.5 books.

Not a lot of excitement. I opted to hole up at the resort and read. That, and hit the spa for a salt rub down (scratchy delight) and a Balinese massage.

Chickens!

Tonight is a barbecue dinner. I may have to relent on my social isolation. The day of travel and two of solo activities I think have me recharged for some friendly banter. We shall see.

I can’t believe I forgot to write about the Australian.

There was an Australian couple walking near me. They chatted a lot about inane topics such as viral videos and who knew their best friends the longest and wouldn’t it be neat if a monkey would climb on one of us.

The monkey park is clear that this last bit of inane chatter is best left as is. Don’t look them in the eye, don’t feed them, and don’t be a dick.

Well, the couple opted for a more liberal approach, coxing a monkey up on the man’s head. It was a cute Instagram moment, to be sure.

Then the monkey proceeded to dig into the backpack pockets. Cute!

Then the monkey proceeded to unzip the other pockets and pull things out. Monkeys do this. And they like shiny objects.

The man decided to drop his backpack and the monkey on the ground, pockets spilling all over the pavement.

The monkey decided to grab the couple’s scooter keys and run off into the park.

Cheeky monkey!

Oh, in case you care about the Australian couple and if they got their keys back … I had so little invested after the monkey skedattled that I didn’t follow up beyond pointing them to the closest park ranger.

I flew through Taipei from Tokyo to Bali.

I want to spend more time in Taipei. From what I saw from taxis and my hotel, it’s my kind of town.

Speaking of taxis: when I got mine from the stand at the airport, I asked if he takes credit cards. They said he did and off I went.

Guess what? He does, but doesn’t like to. I had no Taiwanese currency, only Yen and Dollars. He tried to get his machine to work, cursing at it or me or both. Eventually he got so pissed off he threw me and my bags out and took off.

His taxi? It had stickers for all the major credit cards.

My brief stay at the DoubleTree Hilton was fantastic. I’m looking forward to my return.

The airport there is great if a too spread out – some kind of tram system would help.

Here are some pictures to set the mood.

Oh, yeah. And “Hello, Kitty”.

Landing at Denpasar airport, one is treated to a 2-4 hour wait to pass immigration – in line, standing, with little guidance as to if you’re even in the correct spot.

Over 60? There’s a special line for you. Disabled? Special line. Traveling with small kids? Technically there’s no special line but … Yes, there’s a special line.

Not one of those? Enjoy your temporary limbo.

There are two hints as to why the lines are so long: all the flights seem to arrive in the same time window and there are too few agents processing. The agents will get up and walk away with no warning. They do not return.

After clearing immigration there’s the standard baggage claim where your luggage has been siting unattended for hours. I checked nothing so passed on to customs.

Me and everyone else flagged for secondary scanning had light luggage. It was fast but another delay to my vacation.

It’s a gauntlet to get from customs to the taxi area. If you don’t have a driver waiting for you with a sign, there are any number of aggressive men offering their taxi services. Assuming you follow the few signs and get to where the actual official taxi desk sits, you will negotiate the cost for your ride.

My driver was nice and the right one for that moment in my life. I was sleep deprived and tired from queuing. He pointed out where things are and, other than some stilted English chatter, left me to see Bali from the back of his cab.

Things got interesting when we approached Ubud, the town near where I am staying. His navigation ability (no GPS unit) went only so far. To get the last kilometer required a combination of my Apple Maps and better night vision (something that disturbed me greatly to learn). We managed to get to my resort a mere 6 hours after I landed. Sadly, Google Maps is measurably better, so I installed it.

The room at the Karma Mayura resort is nice. It’s a bit spartan but the perfect fit for my digital detox. I grabbed some food and a beer from the restaurant and then crashed in my room.

I hopped on the hotel shuttle into Ubud. It drops off twice a day and picks up twice a day at the grocery store.

The weather forecast said over a 50% chance of thunderstorms. It sprinkled for about 10 minutes. The rest of the time it was sunny and very warm. Not hot, thankfully, especially with the humidity. My linen shirt and trousers with a Marino wool tee and travel boxer briefs were the right outfit. Even my slowly disintegrating Allbirds were the right choice. Sandals would provide too little protection and my hiking books would have been a foot baking apparatus … an oven, if you will.

I walked around a lot. The town reminds me of Mexico City in its ramshackle nature and also Japan in the Buddhist temples and statuary all over. Actually, it exceeds Japan in that regard. There is no place here without some idol or offering.

I tired of taking pictures out of sheer volume.

The monkey park, however, lacked not for interest and cute!

Side note: There are more including a whole raft of videos that iOS kindly neglected to import or tell me about. It was more than happy to delete them from the SD card. I am saving this for when I get home. I can I delete the files.

Apple, get your act together.

Meanwhile, I set my camera to MP4 video recording.

The food is fantastic. I’ve gone mostly vegetarian so far with only a little bit of chicken and egg in the mix. Bintang, the omnipresent national beer, is kind of perfect for here. It’s a Pilsner, so it’s light in flavor and low in alcohol. It still tastes like beer, is inexpensive, and is safer than the tap water.

Speaking of water, the resort offers two large glass bottles of water in the room. They can be refilled at a spigot near the restaurant. That seems reasonable.

As I sit here on a comfy chair listening to the crickets or cicadas or whatever wildlife on one side and the little kids in the pool on the other, I’m reminded that I am half way around the world from where I was born.

I’m relaxed right now, tired from the day and a little bit buzzed from the beer. I’m considering another night in. Tomorrow might be a read by the pool and spend some time at the spa day.

They call it a resort for a reason.

More soon!

I slept like a log last night. Over the past three days I had had about 12 hours of sleep with a chunk of that in the plane. Now I’m at breakfast.

The weather is gorgeous, by the way.

I’m taking the shuttle into Ubud and spending the day there. Then I’ll come back and camp out by the pool with a book and a drink. And upload photos … I’m using my Canon point and shoot, not my phone, to help disconnect

The resort staff is attentive and friendly. It is taking me a bit to understand their English and I’m pronouncing there words in a very Japanese way.

The other residents are diverse: Retired western couples, young Indonesian families (one set is in the pool now), a Russian couple straight out of central casting, and an assortment of others. One pair that just came down to eat taught me that, as far out as we are, apparently Dominos delivers here. That’s sad.

While I’m out I will get bug repellent and some more toothpaste. Maybe I can get some coffee for the room, too.

Some of them were already doomed by the relentless and ruthless tide of events; and to the others their time, too, would come.

  • Louis L’amour, Showdown At Yellow Butte

How IBM X-Force IRIS Prepared for the Ukraine Election:

You may not have been aware there was a presidential election in Ukraine last Sunday, but all eyes in the cybersecurity and intelligence communities were keenly focused on this event. In the past few years, cyberattacks targeting elections in democratic countries, including the U.S., have become increasingly disruptive. And in the past few months, international observers have seen disinformation campaigns attempting to influence the outcome of the Ukraine election.

Leading up to the election, the IBM X-Force Incident Response and Intelligence Services (IRIS) team had been preparing to observe and analyze possible attempts of foreign interference in the election. Although it appears that a major cyber disaster was averted, we were ready for the worst.

… we recognize that the risk of a major cyberattack on Ukraine could be the bleed-over to the rest of the world. IBM Security has many clients, including some of the largest financial and logistics companies, that need to be resilient in an attack or face potential damages in the millions or hundreds of millions of dollars. We needed to prepare a response to go at a moment’s notice.

Well in advance of the first round of the Ukraine election in March, we decided that we couldn’t afford to sit on our heels until an attack was launched. We began to operationalize a plan for responding to anything that we could conceive of happening before or after the election event. I ordered the creation of an incident command center team, comprised of top experts across the IBM company, that was on alert and could be stood up immediately if needed. This team operated outside of the traditional organizational structure.

Now that we have moved from an alert posture back to a normal readiness stance, I can share a little bit from behind the scenes about how we prepared. I’ll also describe what organizations can do to evolve their security posture from a reactive stance to a more proactive and predictive security posture.

I don’t often post articles about IBM Security (full disclosure: my employer) but I like Caleb’s write-up about this – especially about the C-TOC:

Plus, for the first time since it’s construction, we had at the ready the X-Force Command Cyber Tactical Operations Center (C-TOC), the industry’s first mobile command center, to assist clients in Europe with investigations and recovery. We had multiple drivers ready to go at a moment’s notice and drive through the night if necessary. The C-TOC gives us unique capabilities in a destructive attack: If a client’s systems go down, we have a sterile platform from which to work, and we travel with our own internet, data center and all the gear we need to accelerate recovery.

It is pretty cool! Check out the whole article for the breakdown on what my colleagues did and some generally good advice around being prepared for the worst.

Road to Adequacy: Can California Apply Under the GDPR? – Lawfare:

Earlier this year, the European Commission, the executive arm of the European Union, recognized Japan’s data protection regime as adequate under the European General Data Protection Regulation (GDPR). Japan is now treated as part of the European Economic Area (EEA) under the GDPR, and data flows from the EEA may be transferred to Japan without any additional safeguards or agreements. This is the first adequacy decision since the GDPR took effect, and it will likely provide a road map for other countries or territories seeking EU approval going forward.

At the same time that Japan’s adequacy determination was being finalized, the California attorney general began hosting seven public forums across the state to allow public comment during the California Consumer Privacy Act (CCPA) pre-rulemaking process. The CCPA, enacted July 28, 2018, and effective Jan. 1, 2020, is modeled on the GDPR, imposing new data protection requirements on certain companies and granting new rights to California residents.

Even before the CCPA was signed into law, the bill sparked speculation about whether California could apply under the GDPR for adequacy. While California has not yet expressed an intention to apply, the state has a history of forging its own path in the absence of federal action. And notably, industry stakeholders at the CCPA public forums requested that the potential CCPA regulations contain a safe harbor provision for GDPR-compliant businesses. In addition, legislation introduced this year to amend the CCPA to more closely align with the GDPR framework—coupled with last year’s stalled efforts to create a California data protection agency—indicates that some state legislators may have a broader vision of the relationship between the two privacy regimes.

But could a single state secure a GDPR adequacy determination even though the United States has not obtained a full adequacy decision? This post considers whether California could apply (based on the factors considered in the recent Japanese adequacy decision) and, importantly, whether any legal barriers exist under the GDPR.

A fascinating read about CCPA and GDPR. The Japan example is a useful one but only to a certain point. Andrei Gribakov’s article is an excellent breakdown of the issues and how this might play out.

This story infuriates me.

no ducks in a row by :

a long farewell to the tech industry
I suppose one could say that I’m losing hope. In fact, I’ve always been losing hope, one small papercut at a time. Yet, after the publication of the black hole image, the rate of loss of hope has accelerated dramatically. After news broke out of another ‘diversity manifesto’ incident – this time at Microsoft, it accelerated a bit more. Sometimes, I have to wonder, why I keep coming back to a place that clearly believes I can never be as good as my colleagues because of the way my body looks. In an industry that always makes a point to talk about “the future”, “progress” and that dreadful word that in practice means the complete opposite than what says in the dictionary, “meritocracy”, we get quite hungup on someone’s external characteristics that have no bearing on how they will do their job. I thought I could help us fix that, but it looks like no one truly wants to fix the problem unless it’s a quick brushup for an upcoming photo-op.

The point when those kindlings blew up into a fullblown fire was the day the image of the black hole was published. News outlets had stories of Dr Katie Bouman, the MIT researcher, who had written the algorithm to generate the image of the black hole from observations made by a global team. Within hours, internet message boards were full of messages discrediting her contribution. The supporting evidence was found when someone dug up the Github repo with the code and calculated the percentage of her contributions (in terms of lines of code written). Every person in software engineering knows that lines of code is a shit metric to measure someone’s contribution, but alas, the internet bros were at it again.
Shortly after this debate flared up, Mekka Okereke, engineering director at Google who I follow on twitter, wrote a thread about it. Dr Katie Bouman “survived” this challenge, to quote Mekka, because she had all of her ducks in a row – enough ducks and good enough ducks to satisfy the nasty commetators looking to discredit her – a PhD from MIT and a professorship at CalTech. That is how good, how amazingly excellent you have to be, to survive in this industry.

Do read the entirety of the article.

Some people, a minority, suck. They use social network services (SNS) to broadcast their suck. On SNS, their suck gets amplified.

Don’t contribute to their amplification. Pity them instead. They may not know better. If they do, pity them anyway. Let them know.