Including my favorite:
Thanks to my friend Bob Rudis for the headsup.
Powered by Twitter Tools
It’s a bit of a Christmas tradition here at Emergent Chaos to keep you informed about the Gävle Goat. Ok, technically, our traditions seem hit and miss, but whaddaya want from a site with Chaos in the name? You want precision, read a project management blog. Project management blogs probably set calendar reminders to kick off a plan with defined stakeholders, success metrics and milestones to ensure high quality blog posts. Us, we sometimes randomly remember.
But, but! This year, we actually have a plan with 8×10 color gannt charts with circles and arrows explaining how to set up a market to predict when the goat would burn.
We even have prizes.
Unfortunately, chaos (and flames) emerged, and the goat was burned before we set up the market.
You can read the full story of “Sweden’s Christmas goat succumbs to flames.”
My colleague Ross Smith has just presented an important new paper, “The Future of Work is Play” at the IEEE International Games Innovation Conference. There’s a couple of very useful lessons in this paper. One is the title, and the mega-trends driving games into the workplace. Another is Ross’s lessons of when games work:
Over the last several years, Microsoft has employed dozens of games and game mechanics in its software development process. Forrester, Forbes and others have covered this work. Table 1 illustrates the areas where productivity games can be the most impactful. Focusing on either expanding skills in rile or “organizational citizenship behaviors” that require core skills &emdash; is the best way to ensure the success of a productivity game. Player motivations is a key component of the success of a productivity game.
Core Unique expanding skills In role behavior Most Impact Organizational Citizenship Behavior Most Impact
What this means is that if you try to produce a game that replicates or intrudes on either core work (say, writing code) or unique skills that someone already has (say, threat modeling) the game is likely to be less successful. But if you make a game to help people expand their skill (say, in threat modeling), it will be more impactful and accepted. Similarly, if you’re trying to get thousands of people to help check user interface translations for Windows, it helps to use a core skill, like reading another language, rather than a unique skill (again, let’s say threat modeling) that only a few people have.
This table is really useful guidance if you’re thinking of making a game.
Games, by the way, are tremendously New School. Games are New School because they’re a way to address the real human desires to do something (anything) more fun than deal with security stuff. By making it fun, we can entice people into enjoying the things we need them to do. You should consider if a game can address a problem you deal with, and if it’s in the area of expanding skills in a role or organizational citizenship behaviors that rely on core skills, you’re more likely to succeed.
(I’d link to the paper, but unfortunately, IEEE continues to lock up the scientific literature and impede the flow of progress, rather than charge a few dollars more for each conference to cover the costs of serving up the scientific literature.)
Over at the Office of Inadequate Security, Dissent says everything you need to know about a new report from the UK’s Big Brother Watch:
Extrapolating from what we have seen in this country, what the ICO learns about is clearly only the tip of the iceberg there. I view the numbers in the BBW report as a significant underestimate of the number of breaches that actually occurred because not only are we not hearing from 9% of entities, but many authorities that did report probably did not detect or learn of all of the breaches they actually experienced. BBC notes, “For example, it does seem surprising that in 263 local authorities, not even a single mobile phone or memory stick was lost.” “Surprising” is a very diplomatic word. (“What They Didn’t Know: Big Brother Watch report on breaches highlights why we need mandatory disclosure“)
This looks like it has the potential to be a very interesting event:
The University of Miami School of Law seeks submissions for “We Robot” – an inaugural conference on legal and policy issues relating to robotics to be held in Coral Gables, Florida on April 21 & 22, 2012. We invite contributions by academics, practitioners, and industry in the form of scholarly papers or presentations of relevant projects.
We seek reports from the front lines of robot design and development, and invite contributions for works-in-progress sessions. In so doing, we hope to encourage conversations between the people designing, building, and deploying robots, and the people who design or influence the legal and social structures in which robots will operate.
Robotics seems increasingly likely to become a transformative technology. This conference will build on existing scholarship exploring the role of robotics to examine how the increasing sophistication of robots and their widespread deployment everywhere from the home, to hospitals, to public spaces, and even to the battlefield disrupts existing legal regimes or requires rethinking of various policy issues.
They’re still looking for papers at: http://www.we-robot.com. I encourage you to submit a paper on who will get successfully sued when the newly armed police drones turn out to be no more secure than Predators, with their viruses and unencrypted connections. (Of course, maybe the malware was just spyware.) Bonus points for entertainingly predicting quotes from the manufacturers about how no one could have seen that coming. Alternately, what will happen when the riot-detection algorithms decide that policemen who’ve covered their barcodes are the rioters, and opens fire on them?
The possibilities for emergent chaos are nearly endless.
Three stories, related by the telephone, and their impact on privacy:
Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by monitoring the signals from their cell phones.
Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.
The tracking system, called FootPath Technology, works through a series of antennas positioned throughout the shopping center that capture the unique identification number assigned to each phone (similar to a computer’s IP address), and tracks its movement throughout the stores.
The company in question is Path Intelligence, and they claim that since they’re only capturing IMSI numbers, it’s anonymous. However, the IMSI is the name by which the phone company calls you. It’s a label which identifies a unique phone (or the SIM card inside of it) which is pretty darned closely tied to a person. The IMSI identifies a person more accurately and effectively than an IP address. The EU regulates IP addresses as personally identifiable information. Just because the IMSI is not easily human-readable does not make it anonymous, and does not make it not-a-name.
It’s really not clear to me how Path Intelligence’s technology is legal anywhere that has privacy or wiretap laws.
Using the latest commercial software, Nasrallah’s spy-hunters unit began methodically searching for traitors in Hezbollah’s midst. To find them, U.S. officials said, Hezbollah examined cellphone data looking for anomalies. The analysis identified cellphones that, for instance, were used rarely or always from specific locations and only for a short period of time. Then it came down to old-fashioned, shoe-leather detective work: Who in that area had information that might be worth selling to the enemy?
This reminds me of the bin Laden story: he was found in part because he had no phone or internet service. What used to be good tradecraft now stands out. Of course, maybe some innocent folks were just opting out of Path Intelligence. Hmmm. I wonder who makes that “latest commercial software” Nasrallah’s team is using?
Caller ID has been celebrated as a defense against unwelcome phone pitches. But it is backfiring.
Telemarketers increasingly are disguising their real identities and phone numbers to provoke people to pick up the phone. “Humane Soc.” may not be the Humane Society. And think the I.R.S. is on the line? Think again.
Caller ID, in other words, is becoming fake ID.
“You don’t know who is on the other end of the line, no matter what your caller ID might say,” said Sandy Chalmers, a division manager at the Department of Agriculture, Trade and Consumer Protection in Wisconsin.
Starting this summer, she said, the state has been warning consumers: “Do not trust your caller ID. And if you pick up the phone and someone asks for your personal information, hang up.”
I’m shocked that a badly designed invasion of privacy doesn’t offer the security people think it does.
When I say badly designed, I’m referring to inline signaling late in the signal, not to mention that the Bells already had ANI. But they didn’t want to risk the privacy concerns with caller-ID impacting on ANI, so they designed an alternative.
I want to call attention to a new, important and short article by Jay Jacobs.
This article is a call to action to break the reliance on unvalidated expert opinions by raising awareness of our decision environment and the development of context-specific feedback loops.
Everyone in the New School is a fan of feedback loops of one form or another. Hypothesis testing, learning, and calling out superstition are all forms of feedback loops.
One thing that Jay brings in that I hadn’t seen is the idea of kind and wicked learning environments. A kind environment is one in which you can quickly get good feedback on things experts agree will help you improve. (Did you fall off the bike?) An unkind environment is, amongst other things, one where feedback comes later, if at all. Jay has a table. It’s on page 2.
Powered by Twitter Tools
Two changes here at Emergent Chaos this weekend: first, a new, variable width theme which is a little tighter, so there’s more on a screen. Second, I’ve moved the twitter summary to weekly, as comments were running about 50-50 on the post asking for opinion. I think that may be a better balance.
And a bonus third: someone else’s navel for you to gaze at: