Stopped by the old site for the first time in nearly 10 years and did a little sprucing up.
I was thinking of exporting the site content into a PDF and deleting it from the web. But there’s a lot of stuff here, including comments from friends past that I deeply value, and I don’t want to tear all this history down, even if some of it can be a little cringe-inducing.
So I’ve done a little cleanup with a newer theme, fonts, header, and so on. I’m updating the About page as well, to reflect changes in how to find me. For example, I have abandoned Twitter in the wake of the Musk Meltdown of 2022, fully deleting my account (just like I did with Facebook in 2018). That was hard to do — I started on Twitter in 2007 and made a lot of friends, especially in Alaska and across the digital community inside public media.
But life, and the Internet, moves on. (Except, apparently, WordPress, which is still kicking and getting better. They even seem poised to join the Fediverse in some fashion this year.)
Many years ago I was a kid living in the Raleigh area and I met a music teacher who was leaving her job to go work for IBM as a programmer. I asked whether she had any programming background and she said no — but IBM was going to train her. She said IBM was recruiting new talent into the software field and wanted folks that could handle some math and logic, and to their thinking, music majors fit the bill for them. They were going to provide months of training and bring this music educator up to speed with new skills and then use her to create software for IBM.
That’s how you solve a lack of skills in your industry: you find people that are smart and trainable, and you train them.
The So-Called Security Skills Crunch
These days you can’t swing a dead cat around without hitting a hand-wringing or cheer-leading security industry article talking about:
Well that sounds good to me! I’ve been doing IT security work for years as part of my various IT infrastructure, project, and management jobs. I work with firewalls, VPNs, networks, servers, directories and so forth all the time. I’ve been a HIPAA Security Officer in the healthcare sector. I’m gonna be rich!
So… where’s my big fat check?
Reality of Corporate Attitudes Toward Security
The truth is corporations really don’t like security and they aren’t hiring nearly as much as the salary surveys and feel-good security industry articles would have you believe. To most corporate leaders, IT security feels extravagant and wasteful: “Why would I hire even more people to not produce anything marketable?” Even worse, more security slows productivity for those that actually are generating marketable goods and services. And to guys in the C-suite, it’s painfully boring to boot — whether it’s endless policy discussions or technical reviews, it ain’t sexy or fun.
The data breach explosion and the corresponding breach fatigue come from these corporate attitudes: that security is boring, too expensive, and anti-productive. Corporations that get “hacked” — like Target, Home Depot, the USPS, your local hospital chain — aren’t getting taken by brilliant mastermind super-villains with supercomputers. They’re getting their data splattered across the Internet because they’re lazy and cheap.
It’s Not Good to be the King
All that said, I feel for these corporate leaders. They’re living through a Catch-22 situation. Since they haven’t yet spent any attention or money (to speak of) on security, their only internal line of defense is a socially-inept neckbeard who’s answer to every threat — no matter the real risk — is “lock it down” and scold everyone for being so foolish. When that proves fruitless and frustrating they turn to outside security consultants, who cost them a fortune, but who cannot — no matter how much you pay them — force your company to develop and follow better policies or allocate capital or operating budgets to really, truly solve the most pressing security problems.
If you’re a CEO or COO or even if you’re the CIO, most likely you’re better at politics than policy, and you simply don’t know how much to spend in cash or attention to solve enough of your security problems to be helpful without spinning off into infinite expenses.
Security, at the policy and prioritization level, is damn hard. Someone needs to be smart enough on the tech and the business, but have enough political pull to guide changes in daily behaviors throughout the organization. That’s a really rare combination of skills and political powers.
So About That Hiring Problem…
Yep, the situation stinks for the CEOs, CIOs, and other leaders. But the fact remains that they need good security techs and security policy wonks, and they need to keep them moored to the reality of the business and market while also funding their work to a sufficient level.
Given the Breach-a-palooza we’re living through, clearly there’s not enough hiring going on for security-minded people, and security is not part of most companies’ core cultures. But let’s assume that changes. Let’s assume businesses want to get rolling with security-minded hiring. How do they find the talent?
Because the Catch-22 that’s stopping businesses from hiring also creates a Catch-22 for potential candidates. Companies that do start hiring security people slap on all kinds of prior-experience and certification requirements. If you’re a candidate with limited or even tangential-but-relevant experience… too bad, chump. You’re not a CISSP? HR’s resume-scanning software will kick out your resume before you even talk to anyone. You haven’t been doing IT security work in a dedicated security role for the last 10 years? Don’t bother applying.
Welcome to the Catch-44
I’ve seen this before:
the software company that wants to hire coders with 10 years of Java experience when the language was only 7 years old
the marketing group that wants 5 years of social media experience only 3 years after Facebook opened to the public
the certification group that wants you to prove you have industry experience before you sit for the test, but you can’t get the experience without the cert.
This is what I call the Catch-44: companies that can’t hire for security because they’ve never hired for security and are scared to start, and candidates that can’t get security jobs because they haven’t done security work in the past. Employer Catch-22 + Candidate Catch-22 = Catch-44.
Someone has to make the first move here.
Investments Are Made by the Guys with the Capital
So here’s the deal. Companies are the ones with something to lose. They’re the ones traded on the touchy risk-averse stock market. They’re the ones with the deep pockets, funded by tax breaks and 10+ years of depressed employee wages. It’s their responsibility to foot the bill and break this Catch-44 logjam (to mix metaphors).
Follow IBM’s lead… from the late 80s. Hire the music teacher with the raw skills and train them. Only this time you can actually hire experienced IT folks who’s jobs are being outsourced and automated anyway. Move them “up the stack” into security work.
The training is out there, ready to be absorbed. The policy frameworks are out there. Start making the investments.
And until we see real investments in the field by the incumbent businesses, I don’t want to see another “security staffing shortage” article, mmmkay?
Via Twitter, I happened upon Rob Pegoraro’s post — A grab-bag of #GamerGate responses — and his comments rang true after following the story for a while and after getting attacked on Twitter by sock-puppet accounts operated by the young and the deluded. #GamerGate has been a big deal in the tech world for a while now, but I think we’re finally seeing it die.
Here are my own thoughts after reading Rob’s piece, and after more than a week of watching this train wreck…
You’re either naive or lying
The call for a “pure” form of games journalism — one free of graft or political intermingling of producers and reviewers — is either
driven by hard-core gamers that tend to be young and poorly informed about the world, or
an intentional cover-up of the deep and ugly misogyny that started the whole GamerGate mess, or
Every industry, every job, and every aspect of public life has ethical dimensions. Some people walk one side of the line while others walk the opposite. That’s life. You have to assess which side a given writer is coming from and take an appropriately-sized grain of salt with what they say. It’s true for every form of journalism, commentary, blogging, prognosticating, business, politics, relationships — everything.
People talk about the cozy relationships of the press and the political class all the time. It’s the subject of TV and radio shows, blogs, books, podcasts, speeches… there’s an endless discussion about ethical dilemmas created by these relationships (and rightly so). But they don’t slap “-gate” at the end of every media analysis show and then threaten to kill a few women for participating in the conversation.
So either GamerGaters are deeply naive about the real world — which is lamentable but means we can ignore them — or this violent call to arms over ethics is really just a cover for the violence itself.
Or, again, a little Column A, a little Column B.
When attacking women, the safe word is “ethics”
I suspect this #GamerGate mess can be boiled down to a simple sequence of events brought about when both kinds of GamerGaters (the naives and the misogynists) came together around the hashtag itself. The “pivot” from misogyny to ethics worked like this:
A few prominent games voices took note of several things surrounding the dissolution of the gamer identity via the arrival of new thinkers, producers, and ideas as the games world expanded. With just a few posts, the scapegoating and anger quickly gelled around those “outsiders”: women, and especially women that took public positions out of step with hardcore games culture. There were some interesting elements in this phase that focused on ethics, but they were relatively minor. Still, this is where the naives and misogynists first teamed up, but for different reasons.
The attacks quickly went way over the top, driven by the misogynists, which attracted attention from responsible writers in the games world. Once cooler heads showed up saying, “You guys are disgusting…” the naive attackers realized, “Maybe this doesn’t look so good from the outside…” and turned their attention to the journalists themselves and cried out, “It’s about ethics!” And there’s just enough meat on that bone to make a soup, so it’s the perfect diversionary pivot.
As #GamerGate flame wars continued to expand (and get automated with bots), it even got the attention of mainstream journalism and culture, but not in the way the GamerGaters hoped. Everyone — outside of hardcore misogynists and naive GamerGaters — was utterly horrified. The full-on mainstream cultural backlash began, including articles in major publications that exposed the horror and didn’t give a rip about any #GamerGate reactions. (Sadly the games press was stunned by the controversy and couldn’t mount an effective backlash themselves.)
Game Over. Insert 25 cents to continue.
So that’s where we are today: #GamerGate Over. Even celebrities are speaking out against it.
The only folks still beating the “games journalism ethics” drum at this point are folks that don’t yet realize the war is over and #GamerGate lost: the naives and the folks that feel guilty for saying some truly awful things.
Pro Tip: If you want to discuss games journalism ethics now — and by all means, go for it — you’ll need a new hashtag. This one’s ruined.
I was very sorry to hear about the death of writer Joe McGinniss. He had a large, and unexpected impact on my life, though we never met (but I did once see him at Bernie’s Bungalow in downtown Anchorage). He’s a big reason I moved to Alaska briefly in 1996, and again for a much longer 12-year stay starting in 2001. He wrote Going to Extremes.
Published in 1980, Going to Extremes was a sort of journal McGinniss kept as he traveled around the state, from southeastern Alaska to Barrow on North America’s northern edge, from Bethel to Anchorage and Fairbanks and along the pipeline — everywhere. He visited at the end of the 1970s and traveled like a local, using the Marine Highway (the ferry) to travel up from Bellingham, Washington and then ride with a gregarious salesman in a new pickup truck into Canada and back down to Anchorage in the dead of winter. He flew in small planes, tasted the bitter petroleum ice smog of Fairbanks, discovered the depression and racism of Barrow, and the culturally enticing yet isolating communities of the Y-K delta. He watched midnight sun baseball and recounted rampant drug abuse in Juneau at a time when the State was rolling in new oil money and didn’t really know how to govern itself.
I read this book back in the mid-1990s before moving to Alaska in the summer of 1996, after a failed attempt at teaching high school. I was drawn to the land of extremes, the world of possibilities that an Alaska re-invention represented. I left at the end of that summer, returning to reality in the Lower 48. But the romantic notions of the Last Frontier never left me.
I took my girlfriend to Alaska in March 2000 for a brief vacation and proposed to her in the back of a flightseeing plane after landing on a frozen lake. That wasn’t as romantic as it sounds, however, due to the drunk guys also in the little plane. But you know, Alaska and alcohol have a long history together. 😉
After the dot-com crash of 2000, things slowed down at my job and we looked west for adventure, for something new. I stumbled across a job in Anchorage, took my fiancee with me on an interview trip, and by February 2001 we were packed into a Honda CR-V with a dog, a cat, and a lot of stuff, heading north from Louisville, Kentucky. We figured if we didn’t try Alaska then, while we were younger, we’d never try it. We thought we’d move there for 2 or 3 years, then move back.
12 years later we finally left Alaska. But in those years we explored the state and hosted friends and family that wanted to sample the adventure. We were hugely separated from family most of the time, but we found a new community while there, one we’re not finding so easily now that we’ve returned to the Lower 48. Anchorage is a city of transition for so many, and we fit in there. Not so much down here.
Sure, McGinniss wasn’t the only reason I moved to Alaska. But that book had an effect. And I can tell you his perspectives from the late 1970s still apply today. Alaska is indeed a land of extremes, whether it’s the dramatic swings of day and night, of heat and cold, of ice (glaciers) and fire (volcanoes), the earthquakes, the political insanity (McGinniss also wrote a book on Sarah Palin), and the many cultures across the state. I even asked a friend in Bethel whether he’d met any of the characters described in McGinniss’ book. He had. Were the descriptions accurate? They were — absolutely. Some people were proud to have been in the book, while others thought the descriptions were unfair.
Naturally, I recommend the book, and I’m sorry to hear McGinniss has passed away. His writing fired up my imagination and allowed me to experience the romantic draw of a life on the modern frontier — a place where you can start over, where you can define yourself, and where you live in a community so small it’s naturally close-knit.
He’s better known for other books, but to me he’ll always be the guy that captured the spirit of Alaska like no other writer before or since.
After reading Barb Darrow’s post earlier today asking the question “What about Bill?” in the Microsoft transition, I immediately recognized what happened and quickly commented on Google+. But I wanted to take those notes and expand a little further here, because I have always had a keen interest in organizational strategy and culture, and especially how corporate cultures are set through executive action.
First off, I don’t know if Satya Nadella is the best possible pick as Microsoft’s new CEO, so I’ll leave that to the “analysts” out there (although he looks like a pretty darn good choice to me). But one thing struck me about announcement: it’s brilliant in its almost Machiavellian construction.
Here’s how this delicate-yet-strong power transition works:
As everyone expected, Ballmer is now 100% out of the picture, which is good because he was rocking the boat too much with his overly-emotional and disruptive monkey-dance style. There was never going to be a role for him going forward because he has only one volume setting (11) and he can be a loose cannon in interviews.
Meanwhile Gates is removed from the Board Chairman seat and he’ll now “help” Nadella with the transition and participate in product innovations. This is undoubtedly the joint work of the Board and Nadella, who expertly crafted a way to both keep Gates around long enough but also politely escort him out of the executive suite. Gates’ power is now deeply neutered so the Board can discuss matters without him second-guessing them. Whether the Board can really guide the company effectively from here is debatable, but at least they don’t have to play second fiddle to a legendary founder with whom they just can’t compete.
Nadella has neatly cloaked himself in the Gates shadow by pulling Gates into his own orbit and putting Gates into an active — but not too active — and temporary role as “advisor” to Nadella and selected product teams. This is a way to dazzle the long-time Microsofties with the sparkly goodness of Gates and show that Nadella is the true chosen successor — all while Nadella consolidates power and starts to turn the ship.
The icing on the cake for Nadella, the Board, and hopefully customers? Gates’ temporary participation is focused on fostering a new culture the Board knows they desperately need: a culture of innovation. Microsoft has blown it on multiple tech revolutions for years, and they need to find the next wave or just drown. Bringing in a legend to work forthe new CEO sends a clear message to everyone in the company: help us innovate or hit the bricks, no matter how much money you’ve got.
Going forward, it doesn’t much matter whether Gates actually does anything of technical or product value for Microsoft. His primary value now is being the poster boy for innovation. If he doesn’t deliver much, no big deal — he can fade nicely into Microsoft history and guide the amazing work the Bill & Melinda Gates Foundation is doing. He just can’t sit on the Microsoft Board anymore, telling everyone how he did it in 1995.
This CEO transition strategy really is remarkable. It’s done two seemingly impossible things at the same time: It’s gotten Gates out of the way withoutsetting up a series of narratives that compare Gates and Nadella ad infinitum. And I’ll bet you a tiny fraction of Gates’ fortune that he’s actually cool with it. It relieves him of a lot of pressure to deliver results in a company that he’s not really been running for a very long time. He can spend a year or so hanging out at Microsoft part-time, and slip away.
The Microsoft Board has really set the tone for the next 10 years with three simple messages:
We love the company Gates built and the legacy he’s leaving us.
But Nadella is our guy now, so listen to him.
And you all better get to innovating right away. There’s no time to lose.
I like Chromebooks. I’ve owned 2 of them. But there’s a big problem with all of them. And it’s not the fact they have small SSDs or only run Chrome OS or have a ridiculously high price (hello Pixel!).
The problem is that all Chromebooks on the market in January 2014 stink in one or more ways. Each may have its good points, but there are always more downsides than upsides, and that means as a user you have to contend with both the downsides of Chrome OS (it’s not a traditional laptop) as well as the downsides of your particular Chromebook (poor hardware features A, B, and C).
We need a new Chromebook — perhaps from a new manufacturer — and it needs a tightly-defind set of specs that fix all the problems of the current crop of the delightfully-limited machines. With the hardware fixed, users can focus on adapting to the new world of Chrome OS as a solid low-cost, low-hassle computing experience.
Don’t believe me about the busted hardware? Check out my analysis on this live, public Google Sheet. The bright green boxes highlight the hardware elements the manufacturers got right. Everything else is either just okay or may be downright bad.
What current Chromebooks get wrong
Where do we start? Processor, for one. Consider the Chromebook 11 that HP launched, un-launched, then re-launched this past fall. It uses a processor that’s basically 2 years old (!) and severely under-powers the current generation of Chrome OS (which is getting more capable and complex with each release). It also has the meager 2GB of RAM all too common to Chromebooks, and a weak trackpad and keyboard. I bought it and returned it (and I never return electronics). That said, it has an awesome — albeit small — IPS screen, and it comes in a small, light package with attractive styling. Sigh.
What about the current market sales leader? That appears to be the collection of Acer C720 / C720P Chromebooks. There are literally 10 models out there as of this posting. These beat the HP Chromebook 11 mostly because Acer fixed the processor issue by using a Celeron processor built on the Haswell architecture. Yay! Except Acer makes chintzy hardware. The screen — with our without touch features — is small, dim, and lackluster to say the least. The keyboard is tiny and cheap, and every reviewer despises the trackpad. The exterior look of the unit has improved over past Acer efforts, but it’s still cheap Chinese plastic by nature. Double sigh.
Maybe Toshiba can save us with the launch of their CB30 Chromebook next month! Starting February 16 you can buy the first-ever 13.3″-screen Chromebook — a big improvement over the 11.6″ screens without incurring the weight penalty of the HP Chromebook 14. The case looks nice, with a dimpled silver plastic covering and a clean interior appearance that’s a cross between the old Samsung Chromebook and a MacBook Air. So what’s wrong with it? Not too much — this design comes closest to being the best non-Pixel Chrome OS machine. However, it’s still crippled with 2GB of RAM and has a screen that reviewers have said is a bit dull, with limited viewing angles. Toshiba gets the most “green boxes” in my Chromebook analysis sheet, but it’s still not enough to get me to drop $280 on a pre-order.
So that’s the problem in a nutshell — every Chromebook exacts one or more penalties on buyers that will either get the machine returned to the store or will relegate them to casual machine status on the couch instead of primary computer status everywhere.
Time to build the Chromebook Awesome
But here’s the good news: All the corner-cutting on the current generation of Chromebooks can be fixed. We just have to stop cutting corners, without going nuts and ending up in Pixel territory ($1,300+). So that’s what I’ve done with my Chromebook Awesome design.
In the next-to-last column on the comparison spreadsheet I’ve included what I call the Chromebook Awesome. This is the Chromebook that gathers all the best elements of the other Chromebooks and makes a proper machine. It’s more expensive than the rest at an estimated $450 (except the Pixel, of course), but it fixes everything that’s broken with the other models. In reality, it’s a better Chromebook than the Pixel because it’s accessible to a broad audience, and it’s got everything needed for a very good cloud-based and Google-based experience.
What’s to like?
A price that’s lower than an iPad Air.
A screen that’s big enough to be comfortable but not too big to be portable. It also has higher resolution than the cheaper units, at 1,440 x 900. It’s also an IPS screen that’s bright, clear, and sharp, with great color reproduction.
A great keyboard and trackpad, so using the Chromebook for long periods won’t infuriate you.
A solid 8 hours or more of mobile life away from an AC outlet, but a weight that won’t make you break a sweat.
A quick-enough processor and enough RAM to allow for lots of tabs without painful slow-downs.
All the ports you really need — USB 3, HDMI, and an SD card slot.
A 720p or better webcam that makes you look good in those Google Hangout sessions. Plus a good microphone and some solid (but not audiophile) speakers.
So who’s gonna build it?
At the moment, Toshiba is closest to the Chromebook Awesome finish line. All they would have to do — it appears, because there aren’t any detailed reviews yet — is improve their screen quality (IPS) and resolution (1,440 x 900), add 2GB of RAM, and add enough battery to cover the increased screen power requirements. Then they can raise the price by $170 and watch the orders roll in.
But really, any major electronics manufacturer could build this machine. Sony could do it. Lenovo could easily add this to their Chromebook lineup (of 1). LG could go beyond their overpriced and underpowered Chromebase and make the Chromebook Awesome. Google could stop showing off with the Chromebook Pixel and hire one of their partners to make this machine. The parts are all off-the-shelf and ready to go. The only really hard part is the industrial design — it has to be attractive, with clean lines, great usability, and good durability. They also have to ensure the hardware components have excellent drivers (e.g. for the trackpad).
For now, all we can do is hope some product manager out there makes the same spreadsheet I did, and takes action to build the Awesome.
Because until the Chromebook Awesome appears, I’ll be sitting on my wallet.
Earlier this month LEGO launched their own take on NASA’s Mars Science Laboratory Curiosity rover — the amazing red planet crawler that successfully landed on the surface back in August 2012. Now you can buy and build your own interplanetary rover for just $30 + shipping at the LEGO store.
I bought one on launch day (January 1) and just got it this week. And 295 pieces later I got it assembled. Whew!
It comes with a nice manual / mission overview booklet in several languages. This is definitely an adult toy, as the assembly process would probably frustrate all but the most die-hard young LEGO or dedicated science fans. I think it took me about 90 minutes to get it assembled in a single sitting.
Here’s mine, assembled and on my desk at home:
On thing’s for sure — this thing would not survive a trip to Mars (about 140 million miles, on average). It’s fairly delicate, with spindly arms and legs and protruding parts that are plastic stand-ins for the various sensors and tools on the real rover.
What’s remarkable, though, is that the wheels and suspension system work. You get a pretty good feel for why the suspension was made this way — to bumble over rocks and uneven terrain with independent movement for each wheel.
I’d say the level of detail in the LEGO model is amazing, but that’s not true. What is amazing, though, is how well LEGO did in creating a credible model using mostly common LEGO parts. It seems like there are a few unique parts, but for the most part I’ve seen these elements before in other LEGO kits, but their application is really creative.
So for $30 you can have a little piece of space science history on your desk and get your hands on some of the mechanical design of the real thing. Plus, if you buy this model, you’re helping validate a unique market approach by LEGO — the crowdsourcing of ideas and even model designs through their CUUSOO program. This particular model was created by a JPL engineer that worked on elements of the original rover. Very cool.
Microsoft announced today they will continue to provide anti-malware software updates past the April 2014 end of support for Windows XP. For those that felt pressured to migrate to Windows 7 or 8 before the deadline, this might sound like a big relief.
It is not.
Don’t be fooled. Yes, continuing to get updates to Microsoft-supplied anti-malware software is a good thing, but that’s just one part of your risks and your defenses. Microsoft did not announce they were extending support and updates for Windows XP itself. And if you’re not using Microsoft anti-malware software, then the announcement doesn’t help anyway.
Here’s the deal: If Windows XP isn’t patched by Microsoft on a regular basis, new exploits are revealed and your computer gets more and more vulnerable over time. Microsoft’s XP patches stop in April. At that point Windows XP gets increasingly dangerous to your business and information. What’s worse is that security researchers have suggested there’s a pile of XP security exploits already developed, and miscreants are just waiting for April to release them. If they’re correct, an avalanche of unannounced attacks on XP would arrive in April or May, and any PCs left running XP could be reduced to quivering jelly. Or something. Anti-malware updates won’t protect against all those possible attacks.
The solution? Well… you already know the solution. Get rid of Windows XP and move to…
Mac OS X
…whatever it takes.
Let’s be honest here. You’ve known XP needed to go for years now, as Microsoft has extended the XP deadline again and again and again. At this point any excuses you’ve got left are hollow and exposed as either laziness or criminal cheapness. There are no legitimate excuses left.
And nonprofits don’t get a free pass here. In many ways nonprofits have it easier than other businesses, given the insanely cheap licensing avaiable via TechSoup or the very affordable charity licensing available from Microsoft.
I’m a pretty compassionate IT professional, recognizing that nonprofits in particular and businesses in general can find IT systems management challenging. But when it comes to Windows XP as of April 2014, I have no compassion left.
I love long distance driving and most of the amazing U.S. Interstate system. But the “broken” parts have always been those within our cities — they’re not scaled quite right, they break up local communities too much, and they’re often ugly. Now I understand where we went wrong in carrying out Eisenhower’s vision. Check out this great piece that explores how we could run our highways so they’d serve our dual needs: intercity driving and intracity transportation.