Archive for the 'Personal' Category

Jul 13 2014

Impostor syndrome

Published by under General,Personal

What am I doing here?  When are they going to realize I don’t know what I’m doing?  How long until they fire me for faking it?  I don’t belong with these people, they’ve actually done something, while nothing I’ve done is remarkable or interesting.  I’m not worthy of this role, of being with these people, of even working in this environment.  I’m making it up as I go along and nothing I could do would ever put me on the same level as the people around me.  How did I end up here?

I know I’m not the only one who has these thoughts.  It seems to be common in the security community and not uncommon in any group of successful people.  It’s called ‘impostor syndrome‘ and it’s often considered a sub-set of the Dunning-Kruger effect.  Basically it’s a form of cognitive dissonance where a successful person has a hard time acknowledging his or her success and overemphasizes the many mistakes everyone makes on a daily.  To put it simply, it’s the thought we all have from time to time that “I’m not good enough” writ large.

It’s not hard to feel this way sometimes.  In security, we create heroes and rock stars from within our community.  We look at the researchers who discover new vulnerabilities and put them on a stage to tell everyone how great their work is.  We venerate intelligence, we stand in awe of the technical brilliance of others and wish we could do what they do.  We all tend to wonder “Why can’t I be the one doing those things?”

It’s easy to feel like this, to feel you’re not worthy.  We know the mistakes we made getting to where we are.  We know how hard it was, how rocky the road has been, where the false starts and dead ends are and all the things we didn’t accomplish in getting to where we are.  When we look at other people we only see the end results and don’t see all the trials and tribulations they went through to get there.  So it’s all to common to believe they didn’t go through exactly the same road of mistakes and failure that we did.  As if they don’t feel just as out of their depth as we do.

I don’t think there’s a cure for impostor syndrome, nor do I think there should be.  We have a lot of big egos in the security community and sometimes these feelings are the only thing keeping them from running amok.  The flip side of impostor syndrome, illusory superiority, the feeling that you have abilities that far outstrip what you actually have, is almost worse than thinking your an impostor.  And I’d rather feel a little inadequate while working to be better than to feel I’m more skilled than I am and stop working to get better.

If you feel like an impostor in your role as a security professional, I can almost guarantee you’re not.  The feeling of inferiority is an indicator that you think you’re capable of more and want to be worthy of the faith and trust those around you have put into you.  You might be faking it on a daily basis, making things up as you go, but the secret is that almost all of us are doing the exact same thing.  It’s when you know exactly what you’re doing day in and day out that you have to be careful to fight complacency and beware of illusory superiority.  It’s better to think you’re not good enough and strive for more than to think you’ve made it and are the best you can be.

One response so far

Jun 10 2014

If you don’t enter, you can’t win

Let me start by saying Nikita is brilliant and should be showered for accolades for coming up with this, presumably on the fly.

Let me give you some background.  Today was the day the letters about who’s talks were accepted for Defcon 22 came out.  Additionally, all the rejection letters for those not lucky (or well prepared enough) to be chosen to speak came out today.  I know my limitations, and as such, I haven’t submitted a talk to Defcon, other than being on panels and being part of the Defcon Comedy Jam in years past.  I also know I’m a smart ass and I jokingly asked Nikita on Twitter (@niki7a) “Can I get a #Defcon rejection letter?  Even though I never submitted anything.”  And here’s the reply I got.  As a coworker put it “So your talk on not submitting and regretting it was rejected because it wasn’t submitted and the rejection was song lyrics about not regretting your actions with a statement on why they regret rejecting your non-submitted non-submital? Meta.”

Martin,

The review board has reached a decision for your submission. Unfortunately, we will not be accepting your talk, “I didn’t bother to submit, and other regrets in the Hacker scene”, for DEF CON 22. If you submitted more than one paper, it may still be in review. Individual letters are sent out for each paper.

Every year, I have to write a bushel of rejection letters, and it’s never easy to shoot someone down who has put together a CFP. I really respect the effort each applicant puts into their work. The work you do, and the willingness to share your knowledge with the community is incredible, and I appreciate the fact you submitted with us. In a perfect world, every submission would be accepted and it’s contents shared with the community. Each talk has the potential to be the building blocks for a new idea, the solution to someone’s headache, the itch that needs scratching, or the salve for someone else’s.

In the end, I try to provide feedback for you so that when a talk is rejected you can get some sense of why and take that feedback to build a better paper. Hopefully, you can use it to submit it again to another conference, or again with us next year. Either way, Thank you again for the hard work. I’ve put together your feedback from the review board below.

———————————————
 We had to reject simply due to the fact that you didn’t submit. Maybe you will think about that next time. I mean seriously, like, what were you thinking?  I’d like to give you the following feedback as a way to help you understand this oversight on your part, perhaps my words will motivate you to improve your position for next year.

“And now, the end is here
And so I face the final curtain
My friend, I’ll say it clear
I’ll state my case, of which I’m certain
I’ve lived a life that’s full
I traveled each and ev’ry highway
And more, much more than this, I did it my way

Regrets, I’ve had a few
But then again, too few to mention
I did what I had to do and saw it through without exemption
I planned each charted course, each careful step along the byway
And more, much more than this, I did it my way

Yes, there were times, I’m sure you knew
When I bit off more than I could chew
But through it all, when there was doubt
I ate it up and spit it out
I faced it all and I stood tall and did it my way

I’ve loved, I’ve laughed and cried
I’ve had my fill, my share of losing
And now, as tears subside, I find it all so amusing
To think I did all that
And may I say, not in a shy way,
“Oh, no, oh, no, not me, I did it my way”

For what is a man, what has he got?
If not himself, then he has naught
To say the things he truly feels and not the words of one who kneels
The record shows I took the blows and did it my way!

[instrumental]

Yes, it was my way”

Thank you for your time, I can’t tell you how much I appreciate the opportunity you’ve given me to berate you over electronic medium, I can’t wait to see you at the show!

Please consider submitting or not submitting again in the future, and I hope that you enjoy DEF CON this year.

———————————————

Thanks,
Nikita Caine Kronenberg

There may be material here for a submission to Defcon 23.

No responses yet

Jun 03 2014

Well done, HITB, well done

Published by under Hacking,Personal,Public Speaking

One of the advantages of having moved to the UK from California last year is that I often get the chance to attend conferences I never would have dreamed of attending otherwise.  Thanks to this, last week I was able to attend one of the events I’d never hoped to be able to see otherwise, Hack in the Box Amsterdam.  And I’m very glad I did, as are my children, aka the Spawn.

One of the unique things about this year’s HITB was their choice of keynote speakers, which were all women.  None of them were asked to speak about “women in infosec”, nor were they discouraged from the topic.  But they were all women who are recognized as having accomplished great things in the security field.  Katie Moussouris opened up the conference talking about how the security community is finally at a point where we actually have the influence we’d always wanted, now we have to do something with it.  That and announcing her new role as the Chief Policy Officer for Hacker One, a bug bounty company.  The second day was opened by Jennifer Steffens, CEO of IOActive who called bullshit on the security community for being such a bunch of emo posers and pointed out what a wonderful time it is to be in security as well as illustrating some of the exemplars  in our field.  Both of these security professionals gave keynotes worthy of nearly any conference in the world.

The Haxpo, or vendor area as we generally call it, alongside the conference was also well worth the visit.  TOOOL was in evidence, as were a number of the local hacker spaces, but my favorite part of the show floor.  I picked up a HITB badge, Spawn0 got a TV-B-Gone and we both went to town with soldering irons.  Spawn0 was more successful than I was, as his TV-B-Gone worked while my badge didn’t, most likely due to lack of soldering skills on my part.  He’s just waiting for football (aka soccer) season to get into full swing to test it’s full capabilities.

Will I attend HITB again?  It depends; I’d just come off of two weeks of intensive travel and probably could have used downtime as much as I wanted to see this event.  But I’m very glad I went and got to meet additional members of the European security community.  Maybe next year I’ll try to avoid having so much travel leading up to the event.

No responses yet

Mar 07 2014

You have been identified as a latent criminal!

This afternoon, while I ate lunch, I watched a new-to-me anime called Pscho-Pass.  The TL:DR summary of the show is a future where everyone is chipped and constantly monitored.  If their Criminal Coefficient becomes to high, they are arrested for the good of society.  It doesn’t matter whether they’ve commited a crime or not, if the potential that they will commit a crime exceeds the threshold set by the computer, they’re arrested, or killed if they resist arrest. Like many anime, it sounds like a dystopian future that could never happen.  Except when I got back to my desk, I saw Bruce Schneier’s post, Surveillance by Algorithm.  And once again what I thought was an impossible dystopian future seems like a probable dystopian present.  

As Bruce points out, we already have Google and Amazon suggesting search results and purchases based on our prior behaviours online.  With every search I make online, they build up a more detailed and accurate profile of what I like, what I’ll buy and, by extension, what sort of person I am.  They aren’t using people to do this, there’s an extensive and thoroughly thought out algorithm that measures my every action to create a statistically accurate profile of my likes and dislikes in order to offer up what I might like to buy next based on their experience of what I’ve purchased in the past.  Or there would be if I didn’t purposefully share and account with my wife in order to confuse the profiling software Amazon uses.

Google is a lot harder to fool and they have access to a lot more of the data that reveals the true nature of who I am, what I’ve done and what I’m planning to do.  They have every personal email, my calendar, my searches, in fact, about 90% of what I do online is either directly through Google or indexed by Google in some way or shape.  Even my own family and friends probably don’t have as accurate an indicator of who I really am behind the mask as Google does, if they choose to create a psychological profile of me.  You can cloud the judgement of people, since they’re applying their own filters that interfere with a valid assessment of others, but a well written computer algorithm takes the biases of numerous coders and tries to even them out to create an evaluation that’s closer to reality than that of most people.

It wouldn’t take much for a government, the US, the UK or any other government, to start pushing to have an algorithm that evaluates the mental health and criminal index of every user on the planet and alerts the authorities when something bad is being planned.  Another point Bruce makes is that this isn’t considered ‘collection’ by the NSA, since they wouldn’t necessarilly have any of the data until an alert had been raised and a human began to review the data.  It would begin as something seemingly innoccuous, probably similar to the logical fallacies that governments already use to create ‘protection mechanisms’: “We just want to catch the peodophiles and terrorists; if you’re not a peodophile or terrorist, you have nothing to fear.”  After all, these are the exact phrases that have been used numerous times to create any number of organizations and mechanisms, including the TSA and the NSA itself.  And they’re all that much more powerful because there is a strong core of truth to them.

But what they don’t address is a few of the fatal flaws to any such system based on a behavioural algorithm.  First of all, inclination, or even intent, doesn’t equal action.  Our society has long ago established that the thought of doing something isn’t the same as doing the action, whether it’s well-intentioned or malign.  If I mean to call my mother back in the US every Sunday, the thought doesn’t count unless I actually follow through and do so.  And if I want to run over a cyclist who’s slowing down traffic, it really doesn’t matter unless I nudge the steering wheel to the left and hit them.  Intent to commit a crime is not the same as the crime itself, until I start taking the steps necessary to perform the crime, such as purchasing explosives or writing a plan to blow something up.  If we were ever to start allowing the use of algoritms to denote who ‘s a potential criminal and treat them as such before they’ve commited a crime, we’ll have lost something essential to the human condition.

A second problem is that the algorithms are going to be created by people.  People who are fallable and biased.  Even if the individual biases are compensated for, the biases of the cultures are going to be evident in any tool that’s used to detect thought crimes.  This might not seem like much of a problem if you’re an American who agrees with the mainstream American values, but what if you’re not?  What if you’re GLBT?  What if you have an open relationship?  Or like pain?  What if there’s some aspect of your life that falls outside what is considered acceptable by the mainstream of our society?  Almost everyone has some aspect of their life they keep private because it doesn’t meet with societal norms on some level.  It’s a natural part of being human and fallable.  Additionally, actions and thoughts that are perfectly innocuous in the US can become serious crimes if you travel to the Middle East, Asia or Africa and the other way as well.  Back to the issue of sexual orientation, we only have to look at the recent Olympics and how several laws were passed in Russia to make non-heterosexual orientation a crime.  We have numerous examples of laws that have passed in the US only later to be thought to be unfair by more modern standards, with Prohibition being one of the most prominent examples.  Using computer algorithms to uncover people’s hidden inclinations would have a disastrous effect on both individuals and society as a whole.

Finally, there’s the twin ideas of false positives and false negatives.  If you’ve ever run an IDS, WAF or any other type of detection and blocking mechanism, you’re intimately familiar with the concepts.  A false positive is an alert that erroneously tags something as being malicious when it’s not.  It might be that a coder used a string that you’ve written into your detection algorithms and it’s caught by your IDS as an attack.  Or it might be a horror writer looking up some horrible technique that the bad guy in his latest novel is going to use to kill his victims.  In either case, it’s relatively easy to identify a false positive, though a false positive by the a behavioural algorithm has the potential to ruin a persons life before everything is said and done. 

Much more pernicous are false negatives.  This is when your detection mechanism has failed to catch an indicator and therefore not alerted you.  It’s much harder to find and understand false negatives because you don’t know if you’re failing to detect a legitimate attack or if there are simply no malicous attacks to catch.  It’s hard enough when dealing with network traffic to understand and detect false negatives, but when you’re dealing with people who are consciously trying to avoid displaying any of the triggers that would raise alerts, false negatives become much harder to detect and the consequences become much greater.  A large part of spycraft is to avoid any behaviour that will alert other spies to what you are; the same ideas apply to terrorists or criminals of any stripe who have a certain level of intelligence.  The most successful criminals are the ones who make every attempt to blend into society and appear to be just like every other successful businessman around them.  The consequences of believing your computer algorithms have identified every potential terrorist are that you stop looking for the people that might be off the grid for whatever reasons.  You learn to rely to heavily on the algorithm to the exclusion of everything else, a consequence we’ve already seen.

So much of what goes on society is a pendulum that swings back and forth as we adjust to the changes in our reality.  Currently, we have a massive change in technologies that allow for surveillance that far exceeds anything that’s ever been available in the past.  The thought that it might swing to the point of having chips in every persons head that tells the authorities when we start thinking thoughts that are a little too nasty is a far fetched scenario, I’ll admit.  But the thought that the NSA might have a secret data center in the desert that runs a complex algorithm on every packet and phone call that is made in the US and the world to detect potential terrorists or criminal isn’t.  However well intentioned the idea might be, the failings of the technology, the failings of the people implementing the technology and the impacts of this technology on basic human rights and freedoms are something that not only should be considered, they’re all issues that are facing us right now and must be discussed.  I, for one, don’t want to live in a world of “thought police” and “Minority Report“, but that is where this slippery slope leads.  Rather than our Oracle being a group of psychics, it might be a computer program written by … wait for it … Oracle.  And if you’ve ever used Oracle software, that should scare you as much as anything else I’ve written.

 

No responses yet

Jan 05 2014

Much needed vacation

Published by under General,Personal,Risk

I’m back after a two week self-inforced haitus from all things security and work related.  For the last 14 days, I haven’t checked emails, I haven’t been on twitter, I haven’t checked the news, I haven’t read the news sites.  I’ve simply spent time with my family, played Minecraft, watched anime and eaten my way through the Christmas holidays.  And there was gifts in there somewhere as well.  Vacation started as a weekend in Munich, but the vast majority of it was spent at home near London with no deadlines, except a couple of shopping trips with the wife and kids.  All in all, it was one of the most relaxing times I’ve had in years.  And it was sorely needed.

All jobs are stressful to one degree or another, it’s just a fact of life.  But security is a more stressful job then most.  I’ve done a few panels with other security professionals talking about the stress we face, and we’ve done (okay, mainly folks like Jack Daniel and K.C. Yerrid have done) some research into it and found that our high stress is an actual fact, not just something we say to make ourselves feel more important.  Our chosen career is difficult to be good at, we’re constantly under multiple conflicting demands and it almost never slows down.  Is it any wonder that we feel stressed?

It’s almost a joke when you talk to security professionals about substance abuse in our industry.  It’s nearly expected of people to get stupid at conferences.  But it’s not a joke at all, something that was graphically illustrated by the loss of Barnaby Jack last year.  Substance abuse may not be an industry wide problem, but it’s definitely something that we need to be aware of.  I can think of at least half a dozen people who I’ve jokingly made comments about in the last couple of years who might be in real danger.  Most of them know they can come to me if they need support, but I know that’s the best I can do if they don’t want to change.  How many people do you know in a similar position?  Have you expressed concern or at least let them know you will help if they ask?

It’s not my place to get preachy or say I’m any better than anyone else, but I do think we need to be aware and check our own stress levels from time to time.  Let your friends in the industry know you’ll support them if they need help, but more importantly, know when you need to take a break and get away from the  whole scene once in a while.  We do important work, but we can’t do it if we’re too wrapped up in our own problems to function properly.  

Now to get caught up on two weeks of work emails.  Luckily, most of my co-workers took the Christmas holidays off, at least in part, so it won’t be quite as bad as it could be.

No responses yet

Dec 01 2013

Security in popular culture

One of the shows I’ve started watching since coming to the UK is called “QI XL“.  It’s a quiz show/comedy hour hosted by Stephen Fry where he asks trivia questions of people who I assume are celebrities here in Britain.  As often as not I have no clue who these people are.  It’s fun because rather than simply asking his questions one after another, the group of them riff off one another and sound a little bit like my friends do when we get together for drinks.  I wouldn’t say it’s a show for kids though, since the topics and the conversation can get a little risque, occasionally straying into territory you don’t want to explain to anyone under 18.

Last night I watched a show with someone I definitely recognized: Jeremy Clarkson from Top Gear.  A question came up about passwords and securing them, which Clarkson was surprisingly adept at answering, with the whole “upper case, lower case, numbers and symbols” mantra that we do so love in security.  He even knew he wasn’t supposed to write them down.  Except he was wrong on that last part.  As Stephen Fry pointed out, “No one can remember all those complex passwords!  At least no one you’d want to have a conversation with.”

Telling people not to write down their passwords is a disservice we as a community have been pushing for far too long.  Mr. Fry is absolutely correct that no one can remember all the passwords we need to get by in our daily life.  I don’t know about anyone else, but I’ll probably have to enter at least a dozen passwords before the end of today, each one different, with different levels of security and confidentiality needed.  I can’t remember that many passwords, and luckily I don’t have to since I use 1Password to record them for me.  

But lets think about the average user for a moment; even as easy as 1Password or LastPass are to use, they’re probably still too complex for many users.  I’m not trying to belittle users, but many people don’t have the time or interest to learn how to use a new tool, no matter how easy.  So why can’t they use something they’re intimately familiar with, the pen and paper?  The answer is, they can, they just have to learn to keep those secrets safe, rather than taping the password on a note under their keyboard.

We have a secret every one of us carry with us every day, our keys.  You can consider it a physical token as well, but really it’s the shape of your keys in particular that are the secret.  If someone else knows the shape of your keys, they can create their own and open anything your keys will open.  This is a paradigm every user is familiar with and they know how to secure their keys.  So why aren’t more of us teaching our users to write down their passwords in a small booklet and treat it with the same care and attention they give their keys?  Other than the fact it’s not what we were taught by our mentors from the beginning, that is.

A user who can write down their passwords is more likely to choose a long, complex passsword, something they’d probably have a hard time remembering otherwise.  And as long as they are going to treat that written password as what it is, a key to their accounts, then we’ll all end up with a little more security on the whole.  So next time your preparing to teach a security awareness class, go back to the stationary store and pick up one of those little password notebooks we’ve all made fun of and hand them out to your users, but rememind them they need to keep the booklet as safe as they do their other keys.  If you’re smart, you’ll also include a note with a link to LastPass or 1Password as well; might as well give them a chance to have even a little better security.

3 responses so far

Nov 17 2013

Using the Secret Weapon

Published by under Cloud,Personal,Simple Security

I’m not the most organized person in the world; I never have been and I never will be.  But I’ve usually been able to keep a modicum of organization in my life by using pen and paper and a notebook.  Sometimes things would fall through the cracks, as happens to everyone, but I can normally keep up.  Lately though, that hasn’t been true.  Since moving to the UK and expanding my role there, I have so much on my plate that just keeping up with tasks has been a major issue.  So I did what any good security geek does, I asked on Twitter about the tools others are using and how they use it to track their todo list.  By some margin, the biggest response I got was Evernote and The Secret Weapon.

Evernote is a free, with upgrade to premium, note taking/scrapbooking/catch-all program that’s been around for a few years.  I’d signed up when it first came out, but never really understood how to use it for myself.  The Secret Weapon isn’t a piece of software, but instead a way to use Evernote with your email and the Getting Things Done (GTD) system.  Basically, there are a set of tutorials on the Secret Weapon site that walk you through how to set up Evernote and your email and how to use the system going forward.  In all, you can watch the videos in about an hour, though I’d suggest you watch the first few, let it percolate for a little while, watch one or two more, etc. until you’ve watched them all over a few days.  It gives you a very good point to start from for using this system.

Like many people, I’ve had to modify the GTD/TSW methodology to meet my own needs and work style.  I’ve been using a number of the GTD principals for some time without realizing it.  I’m using Mail.app on OSX which allows me to use Smart Mailboxes to tag and flag emails, but I leave them in my inbox, which acts as my archive folder.  And since I’m using Mail, I don’t have the easy integration that would be available if I was using Outlook.  But then I’d have to use Outlook, so I consider manually cutting and pasting into tasks in Evernote to be the lesser of two evils.

Once you’ve set up the system, getting hooked on the organization it gives you is incredibly quick.  I love that I can tag my todo list by priority, project, people involved and any number of other aspects.  I love being able to tell at a glance exactly which projects I should be working on today and knowing that I haven’t forgotten anything major (unless I’ve forgotten to enter it into Evernote). And I’ve started to take more and more of my meeting notes in Evernote as well, though using a keyboard instead of pen and paper can be a bit distracting for me as well as those around me.

And then there’s the downsides.  The biggest concern I have by far is the security of Evernote; you can’t encrypt your notes except individually, which is unrealistic if you have dozens or hundreds of notes, which is bound to be the case once you’ve been using it for a while.  Evernote does have a two-factor authentication capability, but I have yet to try it and I’m not sure I can use it given the amount of travel I do; I never know how much connectivity I’m going to have on any given day.  Evernote has both iOS and Android applications available and I’m starting to dip my toes into them, but quite frankly they both seem to be pretty hard to use, other than for checking the status of your projects.  I’m not very satisfied with the user interface with either operating system and don’t know if I have the patience to deal with them.

The other piece of software that several people suggested I try is Omnifocus.  It also offers integration with iOS devices, but both the desktop and phone/tablet versions are pay for.  And there’s no Android support for the program, which is a pain for me as I have an Android phone and I’m shifting to using my Nexus 7 more than my iPad as time goes by.  

The bottom line for me is that TSW and Evernote works well, but I’m very concerned about having my organizational matrix on the Internet in a way that is much less secure than it could be.  I’d upgrade to a premium account if that’s what it took me to get that encryption and I may end up upgrading since I’m using it so much anyway.  I’m not sending my email to Evernote wholesale as is suggested by TSW tactics, so I feel less uncomfortable than I could be, but I’m still not happy with this security lapse.  

Let me know what your experience has been using Evernote and The Secret Weapon.

 

2 responses so far

Oct 23 2013

Why bother?

Published by under Personal,Privacy

I woke up this morning with a rant running through my mind.  Which is nothing unusual, by any stretch of the imagination.  I often rant, in person, on the blog, and on the podcast.  People almost expect it of me.

The difference this morning is I asked myself, “Why bother?”

Ranting isn’t going to change anyone’s mind.  The people who hold views similar to mine will nod and agree or, rarely, comment on the blog.  But it won’t change anything.  The people who hold opposing views will shake their heads and discount my opinions, or, rarely, comment on the blog.  But it won’t change anything in their minds either.

I’m currently suffering a crisis of faith; in our corporations, in our governments and in humanity.  We’re rapidly approaching an inflection point where we have to decide if we’re going to accept a world where our corporations and our governments monitor our every movement and action, or not.  Or perhaps we’ve already passed the inflection point and we just haven’t realized the implications yet.  In either case, the vast majority of people don’t even know there’s a decision being made that affects their future, as well as the future of their descendants.  Of course, such decisions are being made every day that most of us will never be aware of.

Part of me wants to lead a charge on the governments and corporations of the world in an attempt to recover some of the concepts of privacy we’ve lost in the last two decades.  But another part of me realizes the idea of privacy as we used to know it is dead and gone, it’s bones picked clean for the sake of social media and by the excuse of ‘national security’.  So how do we adjust our thinking to a new world and create a new type of privacy that limits the power of corporations and governments while still enabling social media and national security?  Especially when we live in a world where the vast majority of people don’t even understand there is a battle going on and the dangers opening up our lives to these forces pose.

I don’t know the answer, I don’t have a victory condition to fight for in this battle, or at least not one that’s realistic and achievable.  And quite frankly I don’t think anyone else does either, other than the short term goal of ‘gather everything’ that our governments and corporations have.  And I doubt even they have more than a vague idea where this will lead.

So that’s my ‘not quite a rant, but really a rant’ for today.  Scott McNealy was right, way back in 1999, when he said “You have zero privacy.  Get over it.”  It’s dead, so how do we change ourselves and the world to deal with this not so new reality?  I don’t know, which frustrates me and makes me want to rant.  Which leads to being marginalized as just another crazy talking about privacy.  So why bother?

Update:  A very timely article, at least for me:  The Real Privacy Problem at the MIT Technology review.  Long, but well worth the read.

2 responses so far

Oct 16 2013

Sometimes it’s just about doing it

Published by under Personal

One of the things I promised myself recently is that I’d write every day when I’m home.  I’d gone so long without writing much that I felt the skills start to atrophy.  It’s not important what I write about or how much I write, it’s the act of writing that I want to force myself to do.  As always with the blog, I assume 90% of what I write is useless dreck, but that last 10% is what makes it all worth it.

In a lot of ways, that’s a good allegory for my life: It’s more important to do, even if I fail, than to not do because I might fail or be embarrassed.  If I let failure stand in my way, I’d never try many of the things I’ve become good at over time.  So instead I force myself to do things that are uncomfortable in the expectation they’ll become more comfortable over time.

It’s not much, but at least I got something written today.  Now off to do something else that makes me uncomfortable: writing a presentation.

One response so far