Category Archives: Technology

“Hi We’re from the Government, We’re Here to Help You”

Yesterday the President announced a new executive order “to promote information-sharing within the private sector and with the government” around cybersecurity (I HATE that term).

I work in the private sector he’s talking about and have for nearly 20 years now. And I’ve seen and been part of a lot of really important collaboration and information sharing between government agencies and the private sector.

So I generally think this sort of thing is a good thing. The bad guys of all stripes always benefit when dealing with divided defenders.

But I don’t think this can and will be as successful as it could be or needs to be.

Because the fact is that in the security and privacy community, there’s a lot of lingering suspicion and bad feeling around the activities that government agencies are alleged to have engaged in as a result of the Snowden disclosures.

Information sharing will only happen and so only works where there’s trust. And a lot of people I know in the security and privacy space lost a lot of trust in the US government in the wake of those claims.

And that trust hasn’t been rebuilt or regained at all because there still hasn’t been an upfront discussion about what is and isn’t going on. And in that vacuum, a lot of people are assuming the worst, rightly or wrongly.

I’ve taken a very moderate stance on this all myself. I’ve worked with some very good people with intelligence backgrounds so don’t fall into the facile “the NSA is evil” camp. But I also don’t fall into the other, “the NSA can do no wrong” camp either. My views are more nuanced with an underlying respect, gratitude and appreciation for those people willing to do hard, thankless work to protect us (having done a lot of that myself).

Regardless of my own views on this all though, the fact remains that for any information sharing program to succeed, there has to be trust. And it’s hard to argue there’s trust to fuel information sharing when one of the biggest, most important players is involved in a lawsuit to prevent having to disclose information it believes it shouldn’t have to.

In the end, it’s too bad because the horrible way the Snowden disclosures have been handled in terms of a response will undermine what is an important initiative that ultimately will benefit everyone.

This is yet another example that how you handle and respond to what you do is at least (if not more) important than what you do itself.

A Trip to the Doctor

Or, more accurately, the local urgent care clinic.

I had to make a trip there today to get looked at for the latest crud that I’ve been battling for the last week.

My check-in was a good example of how you have to be assertive to protect your security and privacy these days. Sometimes, very uncomfortably so.

While I was doing the usual check-in paperwork, the admissions clerk asked me, “Can I get your driver’s license to scan please?”

I asked, “Why do you need that?”

She replied, “Because the copy we have is expired.”

I looked puzzled and she rotated her monitor for me to see the black and white scanned copy of my old, expired license.

It’s been years since I’ve been here, but I don’t remember them ever telling me they were taking a scan of my driver’s license on check-in. Probably one time when I was sick I wasn’t paying enough attention to ask my usual “Why do you need it, what are you going to do with it” questions.

I explained to her that I wasn’t comfortable with her taking a scan. I was happy, I said, to show it to them, but not to retain a copy.

She then said that the point was to protect my identity. I said, I understand but holding that information is itself a threat to my identity. I said, when this clinic’s information is stolen like Anthem’s was it will be harder to steal my identity since they won’t have my driver’s license.

She said she understood and we moved on in the check-in process.

Later, I was chatting about identity theft to try and lighten things after having to say “no”. While we were talking she told me how she was herself the victim of identity theft. Someone stole mail out of her mailbox and was able to steal her identity. She said it was finally cleared up but it took years and included a knock at the door at 3AM from a sheriff looking to serve a warrant on her meant for the identity thief.

It was a good exercise in real world security and privacy protection. It underscores how you have to be active and sometimes push back, even to the point of seeming like you’re being difficult. It underscores too how you have to always be paying attention since I can’t recall how they got my old driver’s license into the system in the first place. And it also shows that identity theft is very real, very prevalent, very hard to untangle, and has nasty consequences. Finally, it reminds me that we can’t just focus on the digital side of things. Physical mail theft and phone scams are old but still delivering; so they’re still active threats.

It really reinforces the fact that I think real-time identity theft monitoring and monthly checking of accounts and records are critical for all of us.

It really is dangerous out there. It really is hard to do the right thing, even when you know what it is.

At least some of us have job security.

Interviews on the Anthem Data Breach

I had a chance recently to talk with reporters from the Associated Press and the Hill about the recent Anthem data breach and what that means for online security and privacy for healthcare and what people need to know about it.

Is your doctor’s office the most dangerous place for data?

Anthem hack raises ObamaCare concerns

Hello Old Friend, Hello New Friend

I’ve said that I expected to be posting again soon and today is as good a day as any.

As I said there, one reason for this blog being on hold is because of an issue affecting my (rather large) music library.

The short version of what happened is that in Spring 2011, I learned the hard way that Macs handle copying directories differently than Windows machines. This led to the loss of an unknown amount of my digital music library. I was able to recover all online purchases (as far as I can tell) but not the copied CDs. Since I didn’t know what I lost I decided to redo all my CD copying, this time using the highest possible bitrate and MP3 format.

I also decided to blow away my old playlists and build new ones. I felt I wasn’t finding things that I had and maybe new playlists would help.

This project is finally nearly done. There were some things that came up that put it on hold too. But after a year and a half of separation, I feel like I have my library back once again. Better yet, I discovered that you can now create nested folders in iTunes, which enables me to really organize things so I can find them.

The act of copying and building new playlists has been a very instructive one for me. It’s forced me to go through and relearn what I have, much of which was present but hidden due to the bad old playlist structure and iTunes’ inherent weakness in dealing with classical music.

On a side note, I may do a post here just talking about what I’ve learned about managing a large iTunes library. Oddly, it seems there’s little information out there these days. It’s like iTunes stopped growing in 2007.

As long and painful a process as it has been to rebuild my library, I’m actually grateful for the exercise. I’ve had a chance to rediscover old friends that I’d forgotten. I’ve also found new friends: pieces that I had bought but hadn’t listened to much because I just couldn’t find them.

In a way, I feel like I woke up one day and was given a gift of a new, large, diverse music library to explore and discover.

Given that I view this blog as a musical travel blog, that actually works well. Not only can I document my explorations in finding new music: I can document my explorations through my new(ly recovered) music library.

As I work to get into the practice of writing more regularly again, this is a double blessing to me. Not only do I have the gift of this library, but I have the gift of it as a topic for writing.

Further proof that good does come out of bad.

Physical Recovery: Burning the Boats

This is a post that has been a long time coming. A very long time coming.

Four years ago, I decided to finally start exercising in earnest. My goal was to be in better shape at 40 come my birthday in November than I ever had been.

You have to understand that physical exercise and sports have always been problematic for me. Being of a bookish sort growing up and poorly coordinated as a kid, I wasn’t good at sports or physical activity, didn’t enjoy it and was always the last kid picked.

So while I’ve never been in terrible shape, I’d never been in good shape. And I never really felt physically attractive as a result. So, to say I have body and body image issues is a bit of an understatement.

But four years ago, I was determined to FINALLY get over the hump and so I applied myself in earnest. Without boring you with the details, I will say that I succeeded and continued. By January/February 2009 I was feeling downright fit and attractive.

And then I got sick for a month. And while sick, I had one of the worst crises I ever managed for work come up. Indeed, to this day I maintain that crisis is the one that broke me finally. And so, the exercise fell by the wayside. Missed days turned into missed weeks turned into missed months. Every now and again I would try to restart but I just couldn’t. I was so mired in work and the misery of work, I was so deeply depressed I just couldn’t. And too, as time dragged on, the first changes I associated with the stage of life I call the Crucible were starting.

If you’ve read this blog (or at least the posts tagged the Crucible) you know what comes next: continued losses, leaving work, healing and recovery.

But no exercise. No, I haven’t been able to get to that one.

I had hoped to jump on that when I left work. In fact, I had a grand plan to restart this program the first business day I was free. But I didn’t. I just slept. For months I slept, did some work, and otherwise just didn’t do a lot. In retrospect I think it was a period of major depression-cum-recovery. It’s not unusual for where I worked: I hear people take months or even years to recover. I guess I’m no better or worse than them.

But while I never got to it, the wish never went away. I remember how I felt and looked and wanted to get back to it. And too, Aurora has done her own work around health, fitness and recovery and while I couldn’t do the same myself, that was (and is) a sign of hope and inspiration for me. It also has reminded me that it’s a long, slow, methodical project. And so, in a way, with that knowledge I haven’t pushed myself to start but instead have been waiting and listening for when I might be ready.

A few months ago, I set myself a new, realistic goal around exercise. That by the time I turn 45, I want to be in better shape than I was when I turned 40. That’s well over a year and one that I think is realistic and optimistic.

But I still haven’t started. I’ve planned to plan to plan, if you will. This summer has been busy with a lot of change, loss and adjustments. And it’s been a summer of physical pain and illness for me: one of the worst times I’ve had in quite a while.

But, as I noted in a recent post, I’m feeling better. Not better enough to run a marathon but better. And thoughts about practices, routines, exercise have all been slowly coming together…circling high overhead like hawks (or vultures I suppose :)).

And so, last night, while Jena and I were out watching Robot and Frank, I felt some more pieces snap into place. Without giving away the film, suffice it to say that a theme in it is the loss and recovery of physical and mental capabilities as we age. That resonated with me greatly. And related to that, there were points made about the importance of routines and exercise. And in the film we see those benefits as part of the recovery of lost physical and mental capabilities.

And so, today, I am moved to take more steps down the road of recovery. I’ve spent the morning doing some of the preliminary work I need to get my exercise routine going once again. I have been slowly altering my schedule to ease into something more structured and am thinking further about what that looks like. And, as part of that preliminary work, I just did weights and measures to assess my current physical condition.

Bad news: I’m in worse shape than I was when I started the first time 4 years ago.

Good news: It will make the success all the greater when I get to where I want to be.

Seeing this made concrete like this makes me sad. It makes me recognize another loss from my old job. The last two years there and their impact on me erased all the work I did before and took me to an even worse place than I was before. Another reason I am glad I’m gone from there: there is no way I could work to get myself back and go where I want to if I were there.

And it makes me glad to have the love and support and inspiration that I do from Jena and Aurora and my wife. They have all stood by me and helped me in different and important ways throughout this incredibly hard time. And as I take further steps forward I know that I’ll need their help and support all the more: I am truly blessed to have that in my life. Indeed, sometimes (many times) I find myself wondering how I came to be so fortunate and blessed. Somewhere, growing up, I believed I was supposed to be alone and miserable: I never would have believed or hoped for the love I have in my life.

And so, in keeping with the forward looking focus I’m trying to maintain, I am writing today to get out there some of my further thoughts for where I want to go forward in my life. I title this “Burning Boats” because of the apocryphal story of the conquistador Cortez burning his ships in the new world. Though likely false, it is a good story about taking action that prevents you from changing course, retreating or otherwise backing down. For me, talking about this plan is “burning the boats”. I am vain and I don’t like to admit failure. If I say publicly that I’m going to do something, I’m committing myself to it irrevocably. And so, the time writing this is also part of my preparation.

It’s not going to go quickly, it’s not going to happen quickly. I have much further to go physically and mentally than I did before. And last time it took a while. But, I do believe that this is taking me to places much better than I ever could have imagined before all this happened 3 – 4 years ago. I am free from that horrible work place and have my life back, I have Aurora in my life, Jena is out here at long last, my relationship with my wife is changed but stronger, I spend more time with my remaining pets, and I increasingly have a sense of who I am and want to be. So, despite the worries and challenges, I really do think things are moving forward and that life is good.

And even when it’s not feeling like that, I have to remember that for me it’s important to take the words of Winston Churchill to heart and “KBO”. Because one thing I learned last time is that movement, exercise and physical activity are important elements in mood management for me.

The Unalienable Right to be Stupid

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. – United States Declaration of Independence

….and to do stupid shit when young and not pay for it for the rest of their lives. – Me

This is a posting I’ve had kicking in my head for a few weeks. I first thought of it in the wake of the Kristen Stewart furore. Now that there’s a new uproar, over semi-naked pictures of Prince Harry of Britain from Las Vegas, it seems like it’s time to vent my spleen.

In my day job, I do work around publicity and press. And I can say based on my years of experience that it’s a hard, mean, brutal and unforgiving world and has only gotten more so year by year. The combined impact of the Internet, social media and mobile computing has been a profound erosion of privacy and explosion of publicity.

I’m also a man of a certain age, which means I (somehow) managed to survive my teens and early twenties. And that means I remember (at least some) of what it’s like to be that age.

When I take those two points and bring them together, I have to conclude that there is something profoundly wrong and damaging in how we’re subjecting teens and twenty-somethings to a 24x7x365 social media-driven gossip culture that rests on schadenfreude, tearing people down, and violates that most important and inalienable right young adults have (or should have): the right to be stupid and not pay for it for the rest of their lives.

Let me pause here and be clear that there ARE some stupid acts that should have life-long consequences. Bringing another human being into the world in an unthinking and irresponsible way, killing someone because you’re driving in a preventable, impaired state: all of these can and should have profound, life-long consequences because they cause profound, life-changing effects and often great pain to others. But, the covert optimist in me still believes that the majority of teens and young adults do mean well and don’t do things like this.

But certainly, these years are hard, confusing years for everyone. I’ve described hitting adolescence as you being given the keys overnight to a fully functional Ferrari without ever really getting driving lessons. Nearly overnight, your body goes from a child’s body to a near-adult’s body, with all the capabilities, hormones, emotions and feelings that entails. You get that all at once with no ease-in time, no training. And anyway there is no training that can prepare you since we’re talking about what you feel. The grown-ups can describe sex all they want but nothing can prepare you for the feeling of that first orgasm (and the near obsessive need to have more once you have it). Talk is cheap and sometimes downright useless.

Add to this it’s a time of increasing independence (by desire and cultural design) and you’ve got a period of life where there’s going to be a lot of swerving, bad turns, inelegant starts and stops. And yes, accidents, both fender benders and serious crack-ups.

It’s a time that is so hard to begin with that putting actions during that time into the public gossip machine is beyond cruel. And as a society, it’s unwise. If we don’t want a society of passive cowards we have to honor the need for experimentation and yes, failure, by giving people space to fail and to recover. Creating a society that harshly enshrines a culture of one wrong move and you’re done is a sure way to make everyone conform, follow the path of least risk and resistance and take no chances.

And anyway, it’s not fair to judge what people do in this time. It’s arguable if it’s ever fair to judge but certainly it’s not at this age. How many times do I remember the rational part of my brain futilely trying to call me back from the edge of a bad decision, only to be muffled and drowned in a rising flood of seminal fluid and sex hormones? At that age you can know what the right thing is and still be unable to do it. You are like the person in the back seat screaming while the crazy driver goes barreling down the highway laughing at the death that you’re sure is coming for you soon: helpless, terrified and doomed.

The funny thing is, relative to my peers, I was good, smart, responsible, and considerate. And yet, even I did some stupid, stupid shit. For me, my stupid shit tended to center around sex (not surprisingly) and was key in my figuring out that I was a failure with monogamy. There was the time I cheated on my girlfriend within days of her going home from college and ended up cheating with three different people in two months (and likely would have with more given the opportunity). I actually ended up in Seattle as a direct result of that period but I sure wouldn’t want any part of that story to be plastered on Google news. Hell, I’m not even sure how I feel about mentioning it here, but it’s been over 20 years and maybe that summer of spectacular failure can give me some credibility on this topic.

Maybe I feel strongly about this because both these cases relate to love and sex and I had such challenges myself. Regardless of why, though, I do know that this isn’t the right way to support teens and young adults while they figure out what they’re going to do with that Ferrari they’ve just been given the keys to. We all respond to shame and judgment with avoidance: we cover up, we lie, we do all we can to ensure we don’t bring that opprobrium from others onto ourselves. And if I’ve learned one thing about relationships as I’ve gotten older, and about publicity and PR from my work, it’s that the lying and the cover-up is always worse than the act itself. We should be making it easier not harder for people to be open and honest about love and sex. And yes, that means trying to make it safe to fuck up and do stupid shit, admit it, and move forward.

So, give Kristen Stewart a break. Cut Prince Harry some slack. Let them flail and struggle and figure it all out and exercise their inalienable right to be stupid and not pay for it for the rest of their lives. Because it’s not just about them: it’s about everyone that age. You can be sure teens and twenty-somethings are watching and learning from this all.

In the end, my old rule of “just because you can doesn’t mean you should” pertains here. Just because you can read about this, share it, tweet about it, take pictures, text, etc. about something stupid doesn’t mean you should. And besides, do you want to be under this spotlight? I didn’t think so. I sure don’t.

Thoughts on Spotify, Last.fm and Pandora

You may (or may not) have noticed that it’s been many months since my last update. I won’t bore you with details but suffice it to say that I’ve been separated from my music collection due to a catastrophic copying error that has sent me on a long-haul project to recopy all my CDs and rebuild all my playlists and a home remodel that has put that project on hold for ten months or so.

It’s a huge undertaking and a pain, but ultimately it’s been a valuable learning experience and a chance to become reacquainted with my music library.

I plan to share some of what I’ve learned here, in the hopes that it helps others.

But for today, for this first post after hiatus, I want to return to the topic of online music that was at the center of my last post.

While I’ve been separated from my iPod and my owned music library, I’ve had a chance to try subscriptions to Spotify, Last.fm and Pandora. And after giving them a go, I’ve formed an opinion on them and am ready to share that.

Before I share my opinion, though, I want to share something that has been critical in helping me to form my opinion.

This image, by David McCandless at informationisbeautiful.net, is a very stark lesson in what online music means to artists.

Image courtesy of David McCandless at informationisbeautiful.net

The image is a bit dated and it lacks information about Pandora. But the overall message is a very stark one. Streaming music is BAD for artists, at least in its current business form.

It’s too bad because it feels like streaming is the future. But anyone who truly loves music has to care about the people that make that music. And in an era where music programs are being cut, orchestras are shutting down and the arts are under attack, one has to be mindful and conscious not just of cost but support.

And so, yesterday, I closed my Spotify and Last.fm accounts. I am keeping Pandora for now (in part because I paid for a full year of the premium service). But Pandora I intend to use as a means to discover new music to own.

I won’t miss Spotify or Last.fm: I didn’t find them revolutionarily easy to use. And in a way, by owning music and curating a library like I am, I have more familiarity and understanding of my music than I would with something just “appearing” on a computer-generated playlist. And Spotify I found to be hard to use in terms of discovery.

Pandora at least does a better job within its model in that regard. It finds for you and you accept that. And the fact that it can introduce me to new things I didn’t know of is of value both to me and to artists.

But for now, I’m happily rebuilding my iTunes/iPod library and delighting in finding things that I’d forgotten about. I’ve found better ways to organize iTunes to make things more discoverable. I’ll be writing on that some time soon.

Getting the story right when you didn’t get it right

Today via Geekwire (and others) we’re hearing about how the radio show This American Life has issued a wholesale retraction of their story from January about factory working conditions at an Apple supplier in China. The full retraction is available on This American Life’s blog.

What’s interesting about this is how they’re handling the issue. News organizations make mistakes and issue retractions regularly: this isn’t a unique incident. But, as This American Life’s press release makes clear, this wasn’t just any story for them. This was a very big story for them.

To their credit, since they have to retract a big story, they’re doing so in a big way. They’ve essentially done a new story talking about how they got this wrong. They’re even doing a special broadcast just to focus on how they got this wrong. And, they’ve taken full and clear responsibility, apologized, and spoken openly about how this situation can impact the trust their audience puts in them.

A big mistake on a big story requires a big response to make it right. By handling this like they have, This American Life has not only taken steps that very effectively mitigate the harm of this incident, by being so open and upfront they’ve also taken steps to actively regain the trust that they acknowledge an incident like this can harm.

This is a model for how news organizations can effectively handle situations like this. They really should be commended.

Ten Years After Bill Gates’ Trustworthy Computing Memo

Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.

I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.

As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.

Here are my comments in Robert X. Cringely’s article “PC security: We’ve come a long way, baby”. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one”.

It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.