Blockchain as Defender of the Truth

Scary times with Facebook and Cambridge Analytica in the crosshairs for leveraging “private” information about users.  Other people are freaking out at the amount of data Google has been collecting every time you use an Android phone.  I’m sure Apple is doing the same.

One more negative and then I’ll turn this positive.  Have you seen what AR (Augmented Reality) is doing for our ability to do real-time video editing?  Check out futureoffakenews.com.  This is morphing technology where two things are happening simultaneously.  First, an actor is delivering a speech and his mouth is being superimposed on the mouth of somebody famous.  Second, the actor’s words are being transcoded into the voice and inflection of the famous person.  The complete effect is a little off, but I’m sure the technology will get better every year.  At some point in the not too distant future, we will be able to create fake broadcasts of speeches being delivered in realtime.  One news network will be able to change — in realtime — what their favorite (or least favorite) politician is saying.  What and who do you believe at that point?

Take this down a level to the average citizen.  How do we defend ourselves against:

  • a disgruntled employee creating a fake video of his boss saying something awful,
  • a sexual harassment allegation backed up by fake propositions (or fake consent?),
  • a crooked local sheriff who creates videos of tourists speeding through their town.

One solution might be taking personal control over your already lost privacy.  How about we start encoding all our location data on a blockchain (so it can’t be altered)?  If personal location and activity data were captured by each person’s phone and blockchain encoded, then I’d be able to prove I wasn’t at that hotel bar where I supposedly propositioned my female colleague.

How about all surveillance video be blockchain encoded so it can’t be altered?  Build blockchain algorithms into the ASIC that does the compression.  We need some way to ensure that our digital records are real and a blockchain might be just the ticket.

The way we defend the truth might be to memorialize the truth in ways that can be verified as genuine.  That means we need to be OK with the truth, the whole truth, and nothing but the truth being discoverable by both our friends and our foes.  How does that sit with you?

 

Switch to SSL

There are no excuses left.  Every website should be using SSL.  I spent a few hours this weekend and got McVicker Group, McVickerNet, and CodexVT all using an SSL for Free cert.

Not that I do anything super high security on these sites, but it makes me feel better to have an extra layer of identification on my web properties.

Once you have the cert installed, the easiest way to force all your traffic to SSL is by adding the following .htaccess code.

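# Send every request that arrives over plain HTTP to the HTTPS site
# with a permanent (301) redirect, keeping the requested path.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]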

Remember to back up your .htaccess file before making changes and swap out “yourdomain.com” in the last line.

If you are running WordPress, you will probably need to update internal links too.  I used a great plugin, SSL Insecure Content Fixer, and let it fix all content and scripts.
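To see what is left to fix after the redirect is in place, the following added example (not part of the original post, and not how the plugin works) scans a page's HTML for resources still loaded over plain http://. The sample markup and its paths are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource, keyed by tag.
FETCHING_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "object": ("data",), "img": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "source": ("src",),
}
# Active content (code, frames, styles) is blocked on an HTTPS page;
# passive content (images, media) usually loads but degrades the padlock.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        names = FETCHING_ATTRS.get(tag, ())
        # <link> fetches only for stylesheets; <a href> is navigation, so skipped.
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            names = ("href",)
        for name in names:
            url = (attrs.get(name) or "").strip()
            if url.lower().startswith("http://"):
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((self.getpos()[0], tag, kind, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a page as it might look right after the switch.
SAMPLE = """<link rel="stylesheet" href="http://yourdomain.com/wp-content/themes/t/style.css">
<script src="https://yourdomain.com/wp-includes/js/jquery.js"></script>
<script src="http://yourdomain.com/wp-content/plugins/p/p.js"></script>
<a href="http://example.org/">an ordinary link</a>
<img src="http://yourdomain.com/wp-content/uploads/logo.png">
<img src="//cdn.example.org/banner.png">"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```

Protocol-relative (`//host/...`) and https:// references pass, because they follow the page's own scheme once the redirect is active.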

New Verizon Cybercrime Report

Verizon Enterprise does an annual data breach analysis and it is pretty much a gold standard for information and trends in cybercrime.  This year’s report is chock full of easy-to-digest charts and good information.

I recommend everyone who cares about privacy and data security download and read at least the executive summary.

Most interesting statistics to me were:

  • 61% of breaches involved companies with fewer than 1000 employees
  • 81% of hacking breaches involved weak or stolen passwords

Combining those two findings really makes the case that every company should require 2 factor authentication.

Favorite Sessions from Google Next

Well, I got too busy to blog when I returned from Google Next.  Here are some of my favorite sessions.

TensorFlow and Deep Learning without a PhD was definitely worth the price of admission.  Here are the two videos.

Firebase was also super impressive.  My son and I have already built the tutorial chat application and are turning it into a universal translator based on geolocation of clients.

You can subscribe to the Google Next 2017 Channel on YouTube and see all sorts of highlights.

Enjoy!

 

Google Next 2017

I’ve spent the last week in San Francisco at Google Next 2017.  It is nice to be at Moscone for something smaller than DreamForce.  10,000 people this week feels so much more manageable than 140,000 at my last Salesforce.com conference.

Big things coming for G Suite (fka Google Apps).  My favorite new announcement is App Maker.  It is totally Microsoft Access for the web.  You can build web apps using drag and drop and add App-Script where you need something really special to happen.  Only bummer is they are planning on limiting it to G Suite for Business (the $10/user plan).

I’ll do a series of blog posts over the next week with links to my favorite sessions.  Machine Learning is definitely something Google is trying to win.  They rolled out a set of APIs with fully trained models for Speech, Translation, Image Recognition, and even Video Classification.

 

Mobile Work and InfoSec

Here is a great blog post from Malwarebytes about how mobile workers are challenging from an InfoSec perspective. My clients all want to take advantage of anytime – anywhere computing, but it is difficult to maintain security while providing this type of access.

How to secure your remote workers

At the end of the post, there is a list of 8 important elements for protecting mobile workers. I agree with all of them, #8 being less important if you do a good job with #1-#7.

 

Never Hurts to Ask

Yesterday I blogged about my concerns with a free Google Apps extension that required the very scary googleapis.com/auth/drive permission. When you give a Google Apps extension this permission, it can read, write, or delete any documents you have access to in Google Drive.

I inquired why the extension needed so much authorization, and the developer replied quickly. He agreed! The permission was only required for a specific feature that didn’t seem super important for the free version.  So he removed the feature and permission requirement. In less than 24 hours!

Three take-aways for me:

  1. Use your brain when giving an app or website permission to access your information in the cloud. Why do they need the authorization they are requesting? This is particularly true when using Facebook or Google+ to log in to other sites.
  2. Push back, you never know when you’ll find somebody reasonable on the other end. Or maybe you will learn more about why the authorization is necessary.
  3. Definitely try ProjectSheet Planning from forScale and support reasonable developers who understand cloud security concerns.

Now I’m happy and can white list the extension for my company to use.

Trusting the Cloud

I’m a big advocate of cloud data security. Cloud service providers are, in general, better at security than their customers. So your data is safer in the cloud than it is on your local machine or network.

This is what you need to make a GANTT chart?

However, it doesn’t feel that way, does it? Yesterday a colleague showed me a cool plug-in for Google Sheets that creates simple GANTT charts using spreadsheet data. When I installed the plug-in, it prompted me for the permissions it needed to function. Here is the list:

  1. Know who you are on Google
  2. View your email address
  3. View and manage spreadsheets that this application has been installed in.
  4. View and manage the files in your Google Drive
  5. View and manage data associated with the application
  6. Allow this application to run when you are not present
  7. Connect to an external service

Numbers 1 to 3 are not a big deal to me. I’m happy to have this plug-in work on the files where I use it. Number 4 is scary: this plug-in can look at ALL my Google Drive files. Numbers 6 and 7 make it even scarier: this thing can run whenever it wants and connect to an external service.

This plug-in appears fine today. But tomorrow, an evil developer could change their software without telling anyone. The software could start to scan any of my Google Drive documents and send that data to an external service.
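The same reasoning can be applied mechanically before allowlisting an add-on. This added example (not from the original post or from the plug-in's developer) audits the `oauthScopes` list of an Apps Script manifest and flags the combination described above. The mapping of consent-screen text to scope URLs is an assumption based on Google's published scope list, and both manifests are constructed, not the real add-on's.

```python
import json

P = "https://www.googleapis.com/auth/"
# Scopes that reach beyond the document the add-on is installed in,
# mapped to a narrower scope worth asking the developer about.
BROAD = {
    P + "drive": P + "drive.file",
    P + "drive.readonly": P + "drive.file",
    P + "spreadsheets": P + "spreadsheets.currentonly",
}
EGRESS = P + "script.external_request"  # "Connect to an external service"
UNATTENDED = P + "script.scriptapp"     # "...run when you are not present"


def audit_manifest(manifest_text):
    """Return (severity, message) findings for an appsscript.json manifest."""
    scopes = set(json.loads(manifest_text).get("oauthScopes", []))
    broad = sorted(scopes & set(BROAD))
    findings = [("high", f"{s} is account-wide; ask whether {BROAD[s]} is enough")
                for s in broad]
    if broad and EGRESS in scopes:
        findings.append(("critical", "account-wide file access combined with "
                         "outbound requests: a later update could send any "
                         "document to a third-party server"))
    if broad and UNATTENDED in scopes:
        findings.append(("high", "account-wide file access combined with "
                         "triggers: code can run while the user is away"))
    return findings


def verdict(manifest_text):
    """Allowlist decision: any finding means a human should review first."""
    return "review" if audit_manifest(manifest_text) else "allow"


# Constructed manifests: the permission list from this post, then the same
# list without the full-Drive scope.
BEFORE = json.dumps({"oauthScopes": [
    P + "userinfo.email", P + "spreadsheets.currentonly", P + "drive",
    P + "script.storage", P + "script.scriptapp", P + "script.external_request"]})
AFTER = json.dumps({"oauthScopes": [
    P + "userinfo.email", P + "spreadsheets.currentonly",
    P + "script.storage", P + "script.scriptapp", P + "script.external_request"]})

if __name__ == "__main__":
    for sev, msg in audit_manifest(BEFORE):
        print(f"[{sev}] {msg}")
    print("before:", verdict(BEFORE), "| after:", verdict(AFTER))
```

Running when the user is away and calling an external service are only flagged when paired with account-wide file access, which matches the concern in the post: those two permissions matter because of what number 4 lets the add-on read.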

I’m going to do more research on these permissions and see if my concerns are real or just cloud paranoia. Stay tuned.

Pragmatic and More

I came across a great blog post about startups through a friend of mine. He helped me start (and stop) a company with some similarities to ContractBlast.

https://medium.com/startup-lesson-learned/why-i-turned-down-500k-pissed-off-my-investors-and-shut-down-my-startup-2645c4ca1354#.f1fvf6tm9

My filter for startup ideas typically revolves around the Pragmatic Marketing dogma. There are 3 critical hurdles a new idea needs to clear.

  1. The problem I’m going to solve is pervasive in an industry. Lots of people have the problem and can quickly realize it as a problem if approached with my solution.
  2. The problem is urgent. Solving it provides immediate benefit. Waiting to solve it is a real threat to the customer’s business.
  3. The customer is willing to pay. This is where my buddy and I fell down last time. We created a great productivity tool and everyone agreed on the benefits, but it had a “should be a free app” feel.

ContractBlast missed on #2: solving the problem of contracting efficiency wasn’t urgent. The benefit would be realized over the long term, but that meant longer sales cycles and greater commitment from customers.

Using the Pragmatic filters can sound discouraging for entrepreneurs, but I find it the opposite. The filters keep me refining my ideas until they meet all 3 conditions, and that can save a huge amount of time, money and energy.

Salesforce Makes Sense

I’ve been working with Salesforce.com since 2005 and I’ve made a few eyebrow-raising comparisons over the years…

Salesforce is like Microsoft Access on the web. It lets IT Admins create applications that scale.

or

Salesforce is the least powerful, most expensive on-demand platform in the world.

Here is the crazy part. I meant it all as a compliment! Salesforce figured out early on that regular business people, not software engineers, are the ones who know their business best.  Giving non-developers the ability to customize or even create applications is worth a lot to a profitable company.  Hence Salesforce costs more in every dimension (per user, per GB, etc.) than other platforms.

Wait, not every dimension. I’m betting that total cost of ownership (TCO) is lower on most Salesforce.com apps. If you’ve got a problem that fits the Salesforce UI paradigm, then it definitely saves money over Amazon or Google App Engine.

The most recent example is Salesforce rolling out Lightning (Aura framework) capabilities with a super secure container configuration called LockerService. This is great news because it prevents less skilled developers from accidentally creating security holes.

So when comparing TCO for on-demand platforms, make sure you are taking into account security, implementation, and support costs. You’ll be surprised how cost effective Access for the Web can be.