Dances with Clubhouse

Clubhouse does not solve a problem or spark joy for me. It’s a fun experiment that may be destined for that nice farm out in the country. I waited a long time for access (h/t Ahmed for hooking me up), yet I stopped using Clubhouse about 3 days in. YMMV, but for me it was like listening to a frustratingly poorly produced, engineered, and edited podcast.

Start Up No.1545: Covid vs climate change, China used iPhone contest hack against Uyghurs, Clubhouse hits Android, and more | The Overspill: when there’s more that I want to say:

That 10-to-1 collapse in downloads suggests to me at least that Clubhouse isn’t going to thrive. If a growing userbase doesn’t lead to a growing number of would-be users, your troubles are just beginning. As people emerge from lockdowns, as everything returns to some semblance of normality, we’ll find out just where not-a-podcast stuff fits in to our lives. Meanwhile, the people at Clubhouse are very positive about everything. Naturally. To me, though, it feels like the wave has passed.

I’m happy for Clubhouse that they finally got an Android app out and wish them all the best, but it might be too little, too late. I deleted the iOS app a few weeks ago (but just reinstalled it to deactivate my account). I hold no interest in the competing products from Twitter, Facebook, and their ilk.

Hell is other syslog

I had to go into the recesses of my mind to recall this Syslog mess for one of the things I’m working on in Korea. It has me pleasantly tech-adjacent. I’m not rolling up my sleeves to lay hands on said tech. Rather, I am spending a lot of time looking at how this bit of tech was implemented, best described (and very timely for me) here ↴

The Syslog Hell – Bozho’s tech blog:

Syslog. You’ve probably heard about that, especially if you are into monitoring or security. Syslog is perceived to be the common, unified way that systems can send logs to other systems. Linux supports syslog, many network and security appliances support syslog as a way to share their logs. On the other side, a syslog server is receiving all syslog messages. It sounds great in theory – having a simple, common way to represent log messages and send them across systems.

Reality can’t be further from that. Syslog is not one thing – there are multiple “standards”, and each of those is implemented incorrectly more often than not. Many vendors have their own way of representing data, and it’s all a big mess.

It’s all coming back to me now, like the hot kiss at the end of a wet fist.

The US military’s privacy pearl clutching

The Ease of Tracking Mobile Phones of U.S. Soldiers in Hot Spots – WSJ:

In 2016, a U.S. defense contractor named PlanetRisk Inc. was working on a software prototype when its employees discovered they could track U.S. military operations through the data generated by the apps on the mobile phones of American soldiers.

… The discovery was an early look at what today has become a significant challenge for the U.S. armed forces: how to protect service members, intelligence officers and security personnel in an age where highly revealing commercial data being generated by mobile phones and other digital services is bought and sold in bulk, and available for purchase by America’s adversaries.

A bunch of thoughts:

I can’t help but immediately think about the push in many political quarters to weaken security by breaking encryption. I’ll get back to that.

Why did this get attention in 2016? And no, this was not “an early look”.

The government has known for decades that cell phones are trackable if they have power and their transceiver is on. It’s how cell phones work. Anyone who’s watched any incarnation of Law & Order in this century or the last also knows this. The government could have mandated a phone system that would have afforded protections but the carriers resisted, I expect.

And don’t forget cell phones aren’t always phones – laptops and tablets and watches and Kindles and a bunch of other things might – and eventually will – have cell connectivity. With 5G, the distinction might go away if the media (cell, wired, wifi, &c.) converge as advertised. Imagine golf gloves that report your stats back to the cloud.

By the way, all that additional social media data is gravy to the buyer, but someone specifically wanting to track the movement of US military personnel around the globe doesn’t need it … from military personnel.

Take this scenario:

  • They script a tool like the McDonalds Ice Cream Machine tracker to scrape airline seat assignments to see if open seat availability suddenly drops on certain routes;
  • They scrape social media for hub airport and airline workers who are talking about increases in military personnel coming through; and
  • They watch counts for private Facebook groups for military families to see if their memberships increase.

Based on that trivial-to-collect data (it’s free or for sale), and assuming they also generally monitor social media and the news, it’s not hard to get an idea of what’s happening. And before anyone complains that my loose lips are sinking ships, this is a simple scenario that is well understood and the plot of several books, movies, and TV shows.

Note, my above scenario assumes all the military personnel are disconnected and analog.

Also note that the above scenario works for advertisers as well as it does for bad actors and for industrial espionage … and other use cases.

That things would evolve into what the Wall Street Journal article describes was predictable:

buried in the data was evidence of sensitive U.S. military operations by American special-operations forces in Syria. The company’s analysts could see phones that had come from military facilities in the U.S., traveled through countries like Canada or Turkey and were clustered at the abandoned Lafarge Cement Factory in northern Syria, a staging area at the time for U.S. special-operations and allied forces.

The U.S. military’s clutching of pearls and muttering, “Well, I do declare that I never …  ,” about this situation is perhaps disingenuous. ※

The U.S. government has built robust programs to track terrorists and criminals through warrantless access to commercial data. Many vendors now provide global location information from mobile phones to intelligence, military and law-enforcement organizations.

But those same capabilities are available to U.S. adversaries, and the U.S.—having prioritized a free and open internet paid for largely through digital advertising with minimal regulation of privacy—has struggled to effectively monitor what software service members are installing on devices and whether that software is secure.

Which brings us back to encryption: strong, uncompromised encryption is one of the tools that the government could bring to bear to help protect troop movements. There are innumerable ways they could, and do, leverage encryption. By the way, we need strong encryption for e-commerce, on-line banking, and a ton of other critical things.

There’s some reflection on the tech industry welding batteries into their phones (and devices) and adopting eSIMs, predicating an always on-line but always trackable society, that needs considering.

Solving this problem, the consolidation of anyone’s/everyone’s/each-of-our on-line and off-line life into a revenue stream for the advertising companies that are Facebook and Google, one that is very much the government’s own creation yet needs to be solved by the government, is a complex undertaking that will require the private sector to forgo some profits for the greater good. Oh, it could fix some of the military troop movement leak issue as a byproduct.

※ There is an American trope about the White southern belle or matriarch who, when faced with realities with which she does not want to deal, does what I describe.

S. Korean telcos to share 5G networks in remote areas

Can you even imagine? US telcos are too busy entrenching to do anything like this for the public good.

S. Korean telcos to share 5G networks in remote areas:

South Korea’s three major mobile carriers will share their 5G networks in remote coastal and farm towns in a move to accelerate the rollout of the latest generation networks, the ICT ministry said Thursday.

The carriers — SK Telecom Co., KT Corp. and LG Uplus Corp. — signed an agreement so that 5G users can have access to the high-speed network regardless of the carrier they are subscribed to in 131 remote locations across the country, according to the Ministry of Science and ICT.

Under the plan, a 5G user would be able to use other carrier networks in such regions that are not serviced by his or her carrier.

The ministry said telecom operators will test the network sharing system before the end of this year and aim for complete commercialization in phases by 2024.

The ministry said the selected remote regions are sparsely populated, with a population density of 92 people per square kilometer, compared with those without network sharing at 3,490 people per square kilometer.

The move comes as the country races to establish nationwide 5G coverage, with network equipment currently installed in major cities.

The three telecom operators promised in July last year to invest up to 25.7 trillion won ($23.02 billion) to update their network infrastructure by 2022.

As of February, the country had 13.66 million 5G subscriptions, accounting for 19 percent of its total mobile users. South Korea was the world’s first country to commercialize 5G in April 2019. (Yonhap)

Nothing is the ultimate anything

Channable – Nix is the ultimate DevOps toolkit
— Read on tech.channable.com/posts/2021-04-09-nix-is-the-ultimate-devops-toolkit.html

It’s not. I didn’t read the article, but I don’t have to. Why?

Invariably, articles like this start egalitarian. A problem is stated and this tool solved it. Beer and/or profits ensue.

Lo and behold, it worked in other situations … in the same environment.

Wasn’t this great? Won’t this be as great for you?

Cut to — no, it won’t. Why? My org is maybe like yours but not close enough. Or not at all close to yours. My edge cases are different. My almost edge cases are different. My org has this thing, and this other thing, and …

Stop pretending your “solution” is more than a local one from which others can learn elements that might address something in their environment. THERE IS NO MAGIC BULLET, EVER, ANYWHERE, ALWAYS. There is no piece of software or shiny new device, diet, service, workout, process, or whatever that will solve your problems.

A magic bullet presupposes a lack of agency, that if your workflow doesn’t fit in this specific vortex of productivity you’re doing it wrong.

The go Language is Google's Own

I’m baffled as to why programmers put their trust in this advertising company to do the right thing, or why companies would stake their reputation on go. Several people tell me that Google handed over control to open source, but the main landing page for go, golang.com, the place where everyone needs to go to program in the language, says:

The Go website (the “Website”) is hosted by Google. By using and/or visiting the Website, you consent to be bound by Google’s general Terms of Service and Google’s general Privacy Policy.

Go to the go privacy policy page, and you’re sent to Google’s own privacy policy page.
The copyright page, which a lot of folks point to, actually says:

Except as noted, the contents of this site are licensed under the Creative Commons Attribution 3.0 License, and code is licensed under a BSD license.

… which means Google can exempt whatever it wants from the CC & BSD licenses. A good legal argument could be made about the BSD license for the code as the commas make things more open to interpretation. The term “code” could include HTML and other markup. But IANAL.
Back to my main point, Google’s reputation is not good based on their behavior. I would not want to stake my company or my coding on them.
(Picture via Roman Synkevych (@synkevych) on Unsplash)

The End of Reputation

AI can now easily (8 seconds) change the identity of someone in a film or video.
Multiple services can now scan a few hours of someone’s voice and then fake any sentence in that person’s voice. […]
Don’t buy anything from anyone who calls you on the phone. Careful with your prescriptions. Don’t believe a video or a photo and especially a review. Luxury goods probably aren’t. That fish might not even be what it says it is.
But we need reputation. The people who are sowing the seeds of distrust almost certainly don’t have your best interests in mind – we’ve all been hacked. Which means that a reshuffling is imminent, one that restores confidence so we can be sure we’re seeing what we think we’re seeing. But it’s not going to happen tomorrow, so now, more than ever, it seems like we have to assume we’re being conned.
Sad but true.
What happens after the commotion will be a retrenchment, a way to restore trust and connection, because we have trouble thriving without it.

(Via The end of reputation; photo via Raphael Lovaski on Unsplash)
Apologies to Seth for quoting nearly his whole post, but it’s important and scary.
Neal Stephenson, in his book Fall; Or, Dodge in Hell, addresses this very issue of reputation and authenticity. In very simplistic & basic terms, it involves leveraging something like blockchain to “check in” or “sign in” to legitimate things by you or things you control. He also talks about Editors, who are human professional social media filters, which takes us down a different rabbit hole.
As I move my on-line life as much as possible on to platforms I control or trust, I am thinking about how to validate “me” outside of that without that validation coming back to bite me later, assuming such a thing is possible.
What do you think?

Software Subscriptions Mostly Only Benefit the Developer

Many apps I used are moving to a subscription model (a.k.a. Software-as-a-Service in the corporate world). As they move to the SaaS model I take a deep look.
Immediate red flags for me are when devs explain their move in these ways:

  • Implemented a custom proprietary sync mechanism
  • Implemented encryption
  • Costs are rising
  • Push notifications (in most apps, unnecessary chrome)
  • Theming, styling, icons &| dark mode (again, unnecessary chrome)

There are select apps in the subscription model to which I subscribe and why:

  • Apollo (Reddit reader app): superior to the native app & other options; theming; and to support development
  • CARROT Weather (Weather app) Tier 2: additional data sources; Apple Watch; map layers; and other stuff
  • Fiery Feeds (RSS reader app): for “Smart Views” ; to support development; and I read a lot of feeds
  • Overcast (Podcast app): to remove ads; to support development; and I listen to a lot of podcasts

Apollo violates two of my red flags, yet the developer is crazy responsive; his app is head & shoulders better than the native Reddit app; and he regularly pushes out updates for security/bug fixes/functionality/chrome.
CARROT Weather also often pushes out updates for security/bug fixes/functionality/chrome, and is also better than the other options.
Overcast does, too, but more judiciously based less on chrome. I like PocketCasts, too, but less so.
Some apps that I avoid in the subscription model but use in their legacy or alternate license mode:

The A Stands for Availability

Security Monitor by Riccardo Mori:

Now I’ve switched to ‘active distrust’ mode towards Apple. I don’t feel 10.14 Mojave brings anything particularly useful to me, and 10.15 Catalina even less so. Nothing really worth leaving High Sierra and its general stability behind. Everything I’m reading about Catalina, the experiences of those valiant people trying out the beta, and the technical observations of the more expert users and Mac developers, gives me the impression that Catalina is perhaps the first version of Mac OS that is more useful to Apple rather than their users, if you get my drift.

I can’t agree more. My personal machines – a 2011 Mac Mini Server and 2015 MacBook Pro – are still on High Sierra because Apple is IMHO no more reliable than any other vendor. My work 2015 MacBook Air is force updated by the CIO Office to the latest macOS release – major, minor, and supplemental – to the point where internal sites are filling up with complaints about forced reboots during client meetings, presentations, customer maintenance, end-of-month/-quarter activities, and other sensitive moments.
Which makes me wonder yet again: why do people forget about availability when talking about security?

The War On Encryption

No clue what to do about it, but sure something should be done about it, and picking the wrong thing to do about it: the Trump administration in a nutshell. There’s already been a “sensational case” – the San Bernardino one in 2016 – and the FBI paid an Israeli company about $1m to break into the iPhone in question, to find nothing useful. There was more, and better, data on the terrorists’ Facebook profiles.

(Via The Overspill)
Similar to my earlier post on AG Barr’s complete lack of understanding about how encryption actually works and benefits the entire economy.