Blockchain as Defender of the Truth

Scary times with Facebook and Cambridge Analytica in the crosshairs for leveraging “private” information about users.  Other people are freaking out at the amount of data Google has been collecting every time you use an Android phone.  I’m sure Apple is doing the same.

One more negative and then I’ll turn this positive.  Have you seen what AR (Augmented Reality) is doing for our ability to do real-time video editing?  Check out futureoffakenews.com.  This is morphing technology where two things are happening simultaneously.  First, an actor is delivering a speech and his mouth is being superimposed on the mouth of somebody famous.  Second, the actor’s words are being transcoded into the voice and inflection of the famous person.  The complete effect is a little off, but I’m sure the technology will get better every year.  At some point in the not too distant future, we will be able to create fake broadcasts of speeches being delivered in realtime.  One news network will be able to change — in realtime — what their favorite (or least favorite) politician is saying.  What and who do you believe at that point?

Take this down a level to the average citizen.  How do we defend ourselves against:

  • a disgruntled employee creating a fake video of his boss saying something awful,
  • a sexual harassment allegation backed up by fake propositions (or fake consent?),
  • a crooked local sheriff who creates videos of tourists speeding through their town.

One solution might be taking personal control over your already lost privacy.  How about we start encoding all our location data on a blockchain (so it can’t be altered).  If personal location and activity data was captured by each person’s phone and blockchain encoded, then I’d be able to prove I wasn’t at that hotel bar where I supposedly propositioned my female colleague.

How about all surveillance video be blockchain encoded so it can’t be altered.  Build blockchain algorithms into the ASIC that does the compression.  We need some way to ensure that our digital records are real and a blockchain might be just the ticket.

The way we defend the truth might be to memorialize the truth in ways that can be verified as genuine.  That means we need to be OK with the truth, the whole truth, and nothing but the truth being discoverable by both our friends and our foes.  How does that sit with you?
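The tamper-evidence idea behind the proposals above, as an added example that is not code from the original post: a minimal hash chain in Python, which is the linking step of a blockchain without the distributed consensus. The location fixes and function names are constructed for illustration. It shows that edits made after capture are detected, and that a complete re-hash of the log is caught only when the head hash was published somewhere the log's owner cannot change.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first entry

def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def build_chain(records):
    """Link records so each entry's hash commits to all earlier entries."""
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"record": dict(record), "prev": prev, "hash": digest})
        prev = digest
    return chain

def first_bad_index(chain):
    """Index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None

def matches_anchor(chain, anchored_head):
    """True only if the chain is intact AND ends in the published head hash."""
    return first_bad_index(chain) is None and bool(chain) and chain[-1]["hash"] == anchored_head

# Constructed sample data: three location fixes from one phone.
SAMPLE = [
    {"ts": "2018-03-20T19:00:00Z", "lat": 44.4759, "lon": -73.2121},
    {"ts": "2018-03-20T19:15:00Z", "lat": 44.4761, "lon": -73.2119},
    {"ts": "2018-03-20T19:30:00Z", "lat": 44.4802, "lon": -73.2098},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    anchor = chain[-1]["hash"]           # head hash published outside the log
    chain[1]["record"]["lat"] = 40.7580  # one fix edited in place
    print("in-place edit detected at entry", first_bad_index(chain))
    forged = build_chain([e["record"] for e in chain])  # every hash recomputed
    print("forged chain self-consistent:", first_bad_index(forged) is None)
    print("forged chain matches anchor:", matches_anchor(forged, anchor))
```

The chain only proves a record was not changed after it was written; it says nothing about whether the phone or camera recorded the truth in the first place.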

 

Switch to SSL

There are no excuses left.  Every website should be using SSL.  I spent a few hours this weekend and got McVicker Group, McVickerNet, and CodexVT all using an SSL for Free cert.

Not that I do anything super high security on these sites, but it makes me feel better to have an extra layer of identification on my web properties.

Once you have the cert installed, the easiest way to force all your traffic to SSL is by adding the following .htaccess code.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

Remember to back up your .htaccess file before making changes and swap out “yourdomain.com” in the last line.

If you are running WordPress, you will probably need to update internal links too.  I used a great plugin, SSL Insecure Content Fixer, and let it fix all content and scripts.

New Verizon Cybercrime Report

Verizon Enterprise does an annual data breach analysis and it is pretty much a gold standard for information and trends in cybercrime.  This year’s report is chock full of easy-to-digest charts and good information.

I recommend everyone who cares about privacy and data security download and read at least the executive summary.

Most interesting statistics to me were:

  • 61% of breaches involved companies with fewer than 1000 employees
  • 81% of hacking breaches involved weak or stolen passwords

Combining those two findings really makes the case that every company should require 2 factor authentication.

Favorite Sessions from Google Next

Well, I got too busy to blog when I returned from Google Next.  Here are some of my favorite sessions.

TensorFlow and Deep Learning without a PhD was definitely worth the price of admission.  Here are the two videos.

Firebase was also super impressive.  My son and I have already built the tutorial chat application and are turning it into a universal translator based on geolocation of clients.

You can subscribe to the Google Next 2017 Channel on YouTube and see all sorts of highlights.

Enjoy!

 

Google Next 2017

I’ve spent the last week in San Francisco at Google Next 2017.  It is nice to be at Moscone for something smaller than DreamForce.  10,000 people this week feels so much more manageable than 140,000 at my last Salesforce.com conference.

Big things coming for G Suite (fka Google Apps).  My favorite new announcement is App Maker.  It is totally Microsoft Access for the web.  You can build web apps using drag and drop and add App-Script where you need something really special to happen.  Only bummer is they are planning on limiting it to G Suite for Business (the $10/user plan).

I’ll do a series of blog posts over the next week with links to my favorite sessions.  Machine Learning is definitely something Google is trying to win.  They rolled out a set of APIs with fully trained models for Speech, Translation, Image Recognition, and even Video Classification.

 

Trusting the Cloud

I’m a big advocate of cloud data security. Cloud service providers are, in general, better at security than their customers. So your data is safer in the cloud than it is on your local machine or network.

This is what you need to make a GANTT chart?

However, it doesn’t feel that way, does it? Yesterday a colleague showed me a cool plug-in for Google Sheets that creates simple GANTT charts using spreadsheet data. When I installed the plug-in, it prompted me for the permissions it needed to function. Take a look at the list on the right.

  1. Know who you are on Google
  2. View your email address
  3. View and manage spreadsheets that this application has been installed in.
  4. View and manage the files in your Google Drive
  5. View and manage data associated with the application
  6. Allow this application to run when you are not present
  7. Connect to an external service

Numbers 1 to 3 are not a big deal to me. I’m happy to have this plug-in work on the files where I use it. Number 4 is scary: this plug-in can look at ALL my Google Drive files. Numbers 6 and 7 make it even scarier: this thing can run whenever it wants and connect to an external service.

This plug-in appears fine today. But tomorrow, an evil developer could change their software without telling anyone. The software could start to scan any of my Google Drive documents and send that data to an external service.

I’m going to do more research on these permissions and see if my concerns are real or just cloud paranoia. Stay tuned.
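One way to check for the combination described above, as an added example that is not from the original post: a Python audit of the `oauthScopes` list in an add-on's `appsscript.json` manifest. The mapping from the consent-screen wording to scope names and the sample manifest are assumptions constructed for illustration.

```python
import json

PREFIX = "https://www.googleapis.com/auth/"

# Scopes that reach beyond the one file the add-on is installed in.
BROAD_DATA = {"drive", "drive.readonly", "spreadsheets", "documents"}
EGRESS = "script.external_request"  # assumed match for "Connect to an external service"
UNATTENDED = "script.scriptapp"     # assumed match for "run when you are not present"
NARROWER = {"drive": "drive.file", "spreadsheets": "spreadsheets.currentonly"}

def audit_scopes(manifest_text):
    """Return a list of findings for the oauthScopes in an appsscript.json."""
    declared = json.loads(manifest_text).get("oauthScopes", [])
    scopes = {s[len(PREFIX):] if s.startswith(PREFIX) else s for s in declared}
    findings = []
    broad = sorted(scopes & BROAD_DATA)
    for name in broad:
        hint = NARROWER.get(name)
        suffix = f" (narrower option: {hint})" if hint else ""
        findings.append(f"broad data access: {name}{suffix}")
    # The risk is the combination: wide read access plus a way out.
    if broad and EGRESS in scopes:
        findings.append("data can leave: broad data access + external requests")
        if UNATTENDED in scopes:
            findings.append("no user needed: can also run from triggers")
    return findings

def make_manifest(scope_names):
    """Build a constructed manifest with the given short scope names."""
    return json.dumps({"oauthScopes": [PREFIX + n for n in scope_names]})

# Constructed manifests: one modelled on the prompt in the post, one without
# the Drive-wide scope.
AS_PROMPTED = make_manifest(["userinfo.email", "spreadsheets.currentonly", "drive",
                             "script.storage", "script.scriptapp",
                             "script.external_request"])
FILE_ONLY = make_manifest(["userinfo.email", "spreadsheets.currentonly",
                           "script.storage", "script.external_request"])

if __name__ == "__main__":
    for label, manifest in (("as prompted", AS_PROMPTED), ("file only", FILE_ONLY)):
        print(label, "->", audit_scopes(manifest) or "no findings")
```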

Pragmatic and More

I came across a great blog post about startups through a friend of mine. He helped me start (and stop) a company with some similarities to ContractBlast.

https://medium.com/startup-lesson-learned/why-i-turned-down-500k-pissed-off-my-investors-and-shut-down-my-startup-2645c4ca1354#.f1fvf6tm9

My filter for startup ideas typically revolves around the Pragmatic Marketing dogma. There are 3 critical hurdles a new idea needs to clear.

  1. The problem I’m going to solve is pervasive in an industry. Lots of people have the problem and can quickly realize it as a problem if approached with my solution.
  2. The problem is urgent. Solving it provides immediate benefit. Waiting to solve it is a real threat to the customer’s business.
  3. The customer is willing to pay. This is where my buddy and I fell down last time. We created a great productivity tool and everyone agreed on the benefits, but it had a “should be a free app” feel.

ContractBlast missed on #2: solving the problem of contracting efficiency wasn’t urgent. The benefit would be realized over the long term, but that meant longer sales cycles and greater commitment from customers.

Using the Pragmatic filters can sound discouraging for entrepreneurs, but I find it the opposite. The filters keep me refining my ideas until they meet all 3 conditions, and that can save a huge amount of time, money and energy.

Father of Bitcoin?

Australian Chris Wright has claimed to be Satoshi Nakamoto — the creator of Bitcoin. If true, this puts an end to one of the biggest cyber mysteries of the 21st century.

http://www.economist.com/news/briefings/21698061-craig-steven-wright-claims-be-satoshi-nakamoto-bitcoin

The Bitcoin faithful will spend the next year on conspiracy theories, but I’m guessing the Economist and BBC did their homework before publishing.

If Chris Wright is Satoshi, then I’d love to hear his take on Bitcoin being the payment method of choice for illegal activity like ransomware and money laundering.

UPDATE May 24, 2016: The hoax is on.  Or is it?  Check out how Wright is keeping the story alive.  Lots of room for belief and disbelief.

How Craig Wright Privately ‘Proved’ He Created Bitcoin

 

Three Lessons from the NFL Draft

It should have been a great night for Laremy Tunsil, the offensive lineman from Ole Miss. He was drafted #13 by the Miami Dolphins in the 2016 NFL Draft.

Unfortunately, his Twitter and Instagram accounts were “hacked”.  Looks to me like somebody got access to his iPhone. Three possible lessons from an information security perspective:

  1. Make sure you have a passcode or biometric security on your phone. Nobody should know your code; not your best friend, not your girlfriend, not your kids, maybe your spouse.
  2. Strong, unique passwords and two factor authentication can prevent somebody who discovers one password (like Twitter), from logging into other accounts (like Instagram). Of course this doesn’t matter if a mean person has your unlocked phone.
  3. Never post anything to social media unless you’d be happy to see it on the front page of the NY Daily News.

http://www.nydailynews.com/sports/football/laremy-tunsil-twitter-shows-man-smoking-bong-nfl-draft-article-1.2618248

There are lots of other lessons to be gleaned from this incident. I’ll leave that to the sports writers.  However, I hope the media shines a spotlight on the system and not just a kid who accidentally disclosed the realities of high stakes college athletics.

OSX Mavericks All Systems Go

I upgraded my MacBook Air 2012 last night and everything went smoothly.  I left my Thunderbolt display plugged in but didn’t have any ill side effects.

Initial observations using OSX Mavericks:

  • Everything feels a little faster, starting apps, Finder
  • Everything works – exception being the WP editor in v3.6 – no bullets
  • Parallels 9 and Parallels Access are fine
  • RoboForm is still fine
  • PyCharm needed to install Java 6 SE to start
  • Office 2011 (mac) runs fine

Wonder what it would have cost to have Apple do the ACA website rollout?