Category: blogging

What should the new czar do? (Tanji's Security Survey)

Over at Haft of the Spear, Michael Tanji asks:

You are the nation’s new cyber czar/shogun/guru. You know you can’t _force_ anyone to do jack, therefore you spend your time/energy trying to accomplish what three things via influence, persuasion, shame and force of will?

I think it’s a fascinating question, and posted my answer over at the New School blog.

Hearsay podcast: Shostack on Privacy

Dennis Fisher talks with Microsoft’s Adam Shostack about the Privacy Enhancing Technologies Symposium, the definition of privacy in today’s world and the role of technology in helping to enhance and protect that privacy.

As always, a fun conversation with Dennis Fisher. Ran longer than I think either of us expected at 41:15.

And speaking of PETS, I took a bunch of photos. Should I get permission before posting them to the net? None are embarrassing or compromising. Perhaps as the organizer of a privacy conference, I should hold to a higher standard?

Chris, I'm sorry

I hate the overuse of URL shorteners like tinyurl. I like to be able to see what a link is before I click on it. I don’t like that these companies get to be yet another point of surveillance. (To be fair, tinyurl doesn’t seem to be taking advantage of that. I have cookies from tr.im and su.pr, but not TinyURL.) And so I edited your comment to replace a tinyurl with a full url, and commented that I “corrected it.”

I shouldn’t have done that, I should have just commented about it.

(If this blog was a Kindle, I’d undo it.)

We Regret The New York Times’ Error

In “Kindling a Consumer Revolt,” I quoted the New York Times:

But no, apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by this author from people’s Kindles and credited their accounts for the price.

What seems to have happened is that a publisher, Mobile Reference, incorrectly loaded the Orwell works onto their Amazon site. (1984, published 61 years ago, is out of copyright in most of the world.)

So the claim of the Times that the publisher “changed its mind” is a little misleading, and Amazon seems to have deleted only those copies, not all books by the author.

I had read this New York Times story as I wrote “Kindling a Consumer Revolt,” and decided that the story that interested me was that of what happened after the books were sold, and how that differed from the physical world, and so didn’t point this out. (It did influence my writing-I wrote “Eric Blair, a publisher…” rather than “his publisher.”)

This morning Jer Warren posted a comment on that article, pointing out his post on what happened, and we’ve emailed back and forth a little.

My take is that the inaccuracies were in cited and reputable sources, and are tangential to my main line of discussion which is about the way our laws and expectations are different in the physical and digital worlds, and a suggestion that Amazon change the Kindle to give them less control over the devices they sell.

But I can see Jer’s side of it, and thus, the title of this post. I’d be interested in your thoughts–how should we handle corrections like this that might be relevant?

Publius Outed

The pseudonymous blogger, Publius, has been outed. Ed Whelan of the National Review outed him in what appears to be nothing more than a fit of pique at a third blogger, Ed Volokh, and Publius commented on Volokh’s criticism of Whelan, so Whelan lashed out at Publius. Or so it seems from the nosebleed bleachers I sit in.

I suppose Publius isn’t completely blameless, but the only thing I’d criticize him for is his taste in names. “John J” would have been cuter, and heck why not just use “Jim Madison”?

However, the particulars aren’t really important. What’s important are the issues of pseudonymity, and so on. So I will move on to those.

Let’s get something straight from the start: pseudonymity and anonymity are not the same thing. I feel like it shouldn’t need constant repeating, but hey, if law professors can’t get it right, how can we expect other people to get it right? A pseudonym is an identity. It is an identity that is earned, because you don’t get to use any of your previous reputation. You’re starting from zero, especially when blogging.

There are many reasons people use a pseudonym. Publius did it because he’s a reasonably young law professor and has heard that there can be tenure issues for controversial blogging.

Maybe. If what you write isn’t very good, there’s a low cost to it, personally. But if what you write is good, then ironically, being known to be a pseudonym is better than the pseudonym itself. Mark Twain, Voltaire, and are better known than their so-called real names. Think of all the great actors and musicians who are known far better by their stage names.

This is why outing a pseudonym is a two-edged sword. It will likely irk the person using a pseudonym, but it’s less likely to hurt them, especially if they’re reasonably good. John Blevins is probably not going to have tenure problems, especially now that Whelan outed him. Ironically, he’s probably better off for having been outed than not and part of that is who outed him.

Well-known personages who are irked by pseudonymous writers may think they’re being attacked by some anonymous little nobody who is hiding, but no, they’re being attacked by an identity that’s just not easily tied to some SSN. The power relationship is such that the better-known person is unlikely to look good. Whelan certainly hasn’t come out on top on this one. While pseudonymity is somewhat controversial, it cuts across political lines and some of the most thoughtful criticism of Whelan comes from his admirers. And in the future, everyone in the law biz who remembers Publius will think better of Blevins. We human beings do that; that’s why the old movie star’s dictum about publicity is, “spell my name right.”

In other cases, the pseudonym still wins. Dan Lyons wasn’t hurt by being outed as Fake Steve Jobs. Joe Klein wasn’t hurt by being shown to be Anonymous. Juan Non-Volokh was probably helped by being outed, too, and Prof. Brian Leiter, who outed him, probably suffered in his reputation.

This is, I think, perhaps the most important point, as it’s simply practical. If a pseudonym ticks you off, you’re better off letting them stew in their own juices. The better known a pseudonym is, the better it is for the author to be known as the pseudonym.

There are exceptions to this, of course. If Publius were a politically conservative professor blogging out his inner liberal, there’d be a hypocrisy issue that would hurt him, but it doesn’t make it any more right. Thoughtful people who out hypocrites usually talk about the outing being necessary despite it being questionable.

Nonetheless, an important lesson to this is that as Feedie said, outing a nym is “a matter of basic decency” and “unworthy of someone with [his] impeccable professional credentials”.

Twitter Bankruptcy and Twitterfail

If you’re not familiar with the term email bankruptcy, it’s admitting publicly that you can’t handle your email, and people should just send it to you again.

A few weeks ago, I had to declare twitter bankruptcy. It just became too, too much. I’ve been meaning to blog about it since, but things have just been too, too much. Shortly after I did, The Guardian published their hilarious April Fools article about shifting to an all-twitter format. I found it especially funny because they made several digs at Stephen Fry, the very person who drove me to twitter bankruptcy.

In Mr. Fry’s case, he’s literate, funny, worth listening to, and prolific. These traits in a twitter user are horrible as his content dominates the page over all the other tweets. The problem was twofold: I couldn’t keep up with Mr. Fry alone, and yet having removed him, a graph of the interestingness quotient of my twitter page resembled an economic report.

I discussed this with some other friends, one of whom is my favorite twitterer, because he has some magic scraper that puts his tweets into an RSS feed on his blog and I can read them at my leisure.

I opined that what I really need from twitter is streams separated into separate pages with metadata about how many unread tweets there are from each person I follow, and a way to look at them in a block. That way, I can look at Mr. Fry’s tweets, note that there’s a Mersenne prime number of them unread, and catch up.

In short, I want twitter to be either an RSS feed or an email box. Either is fine.

One of my friends said that perhaps what Mr. Fry should do is put his tweets together into paragraphs, the paragraphs into essays, and then collect the essays in a book.

She also pointed out that twitter is perhaps the first Internet medium which does not level social hierarchies, but creates and reinforces them. The numbers of people following whom, who is attentively watching whose tweets and so on recreates a high-school-like social structure.

This brings us to #twitterfail, the current brou-ha-ha about a change in twitter rules in which direct messages only go to people who are following people who are following those who are following — someone.

The #twitterfail channel is a bunch of people retweeting that they think this is a bad idea. There is apparently no channel for retweeting if you think it’s a good idea.

Valleywag thinks it is a good idea in their article, “Finally, Twitter Learns When to Shut Up,” pointing out a Nielsen report that 60% of new twitter users drop out after signing up. This might be a way to cut down the noise level for people who are newbies, according to Valleywag.

Others see it as a way to further reinforce the status hierarchies. The brash and ever entertaining Prokovy Neva says:

What [various twitterati, none of whom is Stephen Fry] all have in common is an overwhelming desire to have lots of “friends” who follow them, but they want them to be loyal, positive, and not talk back, except to warble about how they’ve read their books or gush about how wonderful they are.

What they definitely, definitely DO NOT like is when people they aren’t following talk back to them using @. They hate it. It gets them into a frenzy.

I think they’re both right. I think that the sheer noise level of twitter combined with a wretched UI makes it unusable for people who have a long multitasking quantum. My twitter page goes back a mere seven hours, and Beaker has only said one thing (I hope he’s not sick). If I go to a long meeting or get on an airplane, I’ve lost context.

There are two behavioral feedback loops I see. Sometimes one twitters because one is twittering, which drives more twittering. The other is that one is not twittering because one is not twittering which drives not wanting to look at twitter.

Cutting down on the noise level would help people get into twittering, but not as much as Valleywag thinks. Twitter’s systems and subsystems are power-law driven (which is the same thing as saying they’re human status hierarchies). If you’re a newbie, noise isn’t really the problem, the problem is figuring out who you want to follow and wondering why you should bother tweeting into an empty room.

Prokovy Neva is right, too. The social circles that twitter creates are lopsided, and power-law in scale (which is why the whale is up so much). An even playing field for replies means that people who have lots of followers but follow few others not only don’t see messages from people they don’t know, but can have a nice civil public conversation with the few people they follow without having to know about the riff-raff. Right now, the downside of having lots of followers is that you can be on the receiving end of that power law. Over the long haul, that will lead to self-monitoring on the tweets, having tweets handled by assistants (which already goes on), or just giving up on it all.

I suspect that twitter will reverse this change (if they haven’t already) at least in part because there’s no channel of retweeting for people who like the change. Perhaps most of all, I think they realize that reinforcing the hierarchies to that degree would indeed make the twitter fad fade even faster than it would otherwise.

That seems to itself be inevitable, since it’s now been reported what should surprise no one — spammers are gleaning email addresses from tweets in real time as well as using twitter trending to drive uptake. That tweeting opens one up to spam will tend to put the brakes on it.

Camera thanks!

An enormous thank you to everyone who offered advice on what camera to get.

I ended up with a Canon Rebel after heading to a local camera store and having a chance to play with the stabilization features. It may end up on ebay, but I’m confident I’ll get high quality pictures. Whether they’re great, of course, depends on my skills.

I hesitate to even ask, but what one book have you seen most help someone learn how to take great pictures? I want something that’s focused on how to orient & frame shots, not something on the technical side. The camera knows more about that than I ever plan to. So what one book would you suggest?

I’m thinking about the Rebel for Dummies book, since it covers both technical and artistic aspects. What book have you seen help others more?

Security is about outcomes: RSA edition

So last week I asked what people wanted to get out of RSA, and the answer was mostly silence and snark. There are some good summaries of RSA at securosis and Stiennon’s network world blog, so I won’t try to do that.

But I did promise to tell you what I wanted to get out of it. My goals, ordered:

  1. A successful Research Revealed track. I think we had some great talks, a panel I’m not qualified to judge (since I was on it), and at least a couple of sell-out sessions. But you tell me. Did it work for you?
  2. See interesting new technology. I saw three things: Garner’s hard drive crusher (they have a “destroy” button!), Camouflage’s database masking and some very cool credit card form factor crypto devices from Emue. (I’d add Verizon’s DBIR, but I saw that before the show.) Four interesting bits? Counts as success. Ooh, plus saw the Aptera car.
  3. Announce our new blog at Newschoolsecurity.com. Done!
  4. See friends and make five new ones. It turns out that the most successful part of this was my Open Security Foundation t-shirt. I urge you all to donate and get this highly effective networking tool.
  5. Connect five pairs of people who previously didn’t know each other. I counted seven, which makes me really happy.

What I didn’t want: a hangover. Only had one, Friday morning.
