It’s so easy to get drawn in …
17 Jun 2014. Posted by Tony Law in ITasITis, Social issues, Social media, Tech Watch.
Tags: FaceBook, like
A friend recently posted on Facebook an observation that several friends had “Liked” a posting relating to the case of the war veteran who went missing from his Hove care home in order to attend the D-Day celebrations. What concerned my friend wasn’t the underlying story; it was that the posting in question had been placed by an organisation which is an offshoot of the BNP. No, I’m not going to add to their publicity by naming it, but you can find some discussion by following the Costa Connected link below.
My friend has a strong antipathy to the message of spurious British-ness, not least because of having a marriage partner whose family were recent immigrants – from what used to be referred to with pride as a Commonwealth country. Having lived in east London for over twenty years, and enjoyed the variety and splendour of a multi-cultural society, so do I. But that’s not the point of this post.
The point is one I’ve made before: when one assesses a piece of content, especially online, be careful. Especially especially [read that carefully, it's not a mistake] if one proposes to share or Like it. It’s important in serious or academic reporting, which is why ITasITis postings always look behind the news reports. Media often do little more than repeat the press release, or they contain unintentional inaccuracies. Go back to the original source, look for other independent reports of the work.
But this highlights that it’s equally important in the easy world of social media.
It’s so easy to Like a Facebook posting, especially now that FB drops a lot of things into your stream that have nothing to do with your friends. It’s easy to re-tweet something without really looking. But the organisation that made the initial post, in this case, gets to count those Likes and give itself an air of unwanted respectability.
Oh and incidentally: the media reports were way over hyped. It was made out that Bernard Jordan had had to “escape” from his care home. Yes, there are people who are diagnosed as EMI (Elderly and Mentally Incompetent) who have to be protected by not being told the code for the door to the outside world. But not in this case. What actually went on was that Mr Jordan was too late to join any of the organised travel parties. So he decided to make his own way. He simply forgot to tell the home he was going and, quite rightly, they got worried when they realised he’d disappeared. Thanks to media (social and conventional) he was quickly located, but there was no suggestion that he wasn’t then safe. BBC reporting, especially locally here, was more balanced: see the links. Escapade, yes: escape, no. Another case of going behind the high-profile headlines.
But to return to the main theme: Look carefully at what you’re Liking, and equally carefully at who.
• What It Really Means When You Like or Share Content from [name deleted], Costa Connected, 7 Jun 2014 (thanks to my Facebook friend for this link)
• Disappeared D-Day veteran back in UK, BBC News, 7 Jun 2014, featuring an interview with the Chief Exec of the care home
• Bernard Jordan: City honour for veteran’s ‘heroic escapade’, BBC News Sussex, 10 Jun 2014
Tags: Snowden NSA moglen privacy security
I’ve been reading, and I recommend, Eben Moglen’s two-part essay in The Guardian about Edward Snowden. Not the first comment but probably one of the most extensive and authoritative. Moglen is professor of law and legal history at Columbia University, and is the founder and leader of the Software Freedom Law Center (SFLC). He’s entitled to say “I told you so” since his Guardian bio lists an earlier article for the paper some three years ago. The SFLC itself is approaching its tenth birthday; it was founded by Moglen and others in February 2005.
This extended essay covers three full pages in each of two days’ papers so it’s not short reading. The consensus among those who broadly support Snowden’s action is that he has revealed a security industry operating beyond democratic control and subverting the very nature of democratic government. It exposes a supposed elite group who believe that the population at large is, or shelters, “the enemy” (terrorists is the current hate-word) and therefore, in a world where universal surveillance and analysis is possible, such surveillance is to be fully deployed. It’s a bit like The Section in Stieg Larsson’s Millennium trilogy, but at a much higher level and operating with the full power of the subverted state.
And it’s not just the American NSA, though that’s Snowden’s origin. It’s not even just the major western allies of the US. China takes the same attitude: and though politically on the opposite side to the US, on this issue it lines up behind the same attitudes.
Moglen makes a powerful point which ought to be obvious but isn’t. Privacy is not a two-way relationship (between me and Facebook, or me and Gmail, or me and Twitter, or whoever).
If I send or receive email via Google (as an example only, but they are probably the biggest) then the person to whom I send, or from whom I receive mail also falls within Google’s all-encompassing range. They have not signed an agreement with Google, but Google knows about them. Facebook knows who I post to, whose postings I read, which non-friends I look up from time to time. Twitter knows … and so on. What does WordPress know about this blog and you, my readers?
Which is ok so far as these and other providers are trustable. But Snowden avers that, with or without their consent, they are not.
There is much more analysis in the article, but let’s stick just to this one point. The privacy relationship inherent in email is at least three way: myself, my service provider and my correspondent. But there is no relationship of explicit trust or consent between my correspondent and my provider.
Moglen asserts that we have been diverted into believing that privacy is a two way relationship. It’s not.
And of course where governments step in, either by court order or by extra-legal surveillance, this relationship becomes at least four way with the fourth partner, in all probability, unrecognised and unknown.
As a lawyer, Moglen analyses two broad threads to bring the situation under control.
First: user action. This does include community development of encryption software, for example, for which governments have neither subpoenaed nor stolen the keys, nor built in back doors. But it also includes major commercial interests: the security (privacy) of their online commercial transactions is a fig-leaf. They must have people who realise this; it’s been pointed out often enough in the press. But it will probably take a disaster to galvanise enough pressure to force action.
Second: legal action. The US, in particular, is prone to expensive litigation and extensive damages settlements. Let’s open up one or two of these based on breach of trust. I hope I’m not misrepresenting Moglen’s argument here, but certainly he – as a lawyer – sees scope for lawyerly involvement.
I’ve scratched the surface. If these are issues that concern you, read Moglen’s essay in the Guardian online. Then go, as I myself have not yet done, to Moglen’s own SFLC archive where the longer version is held: four presentations given last autumn at Columbia and given their own URL. Read and think and, if you’re in a position to do so, act.
And yes, this blog post will be flagged on both Facebook and Twitter …
• Privacy under attack: the NSA files revealed new threats to democracy, Guardian, 27 May 2014
• Eben Moglen: Guardian contributor bio, with links to the 2011 article
• Snowden and the Future, Eben Moglen, Columbia, Oct-Dec 2013
• Software Freedom Law Center
• Stieg Larsson’s Millennium trilogy (Wikipedia)
Lego as social media
6 May 2014. Posted by Tony Law in Cloud, Impact of IT, ITasITis, Social issues, Social media, Tech Watch.
Tags: Bjarke Ingels, Lego, Minecraft, Olafur Eliasson, Tirana
Yes you did read that correctly.
I caught up, a day or two ago, on a programme put out on the BBC Culture Show on 4th March about Lego.
The programme comments on the characteristics of Lego. It charts its evolution from a very simple kit of highly standard basic blocks. Today’s typical box contains the parts for a specific model, which are in no way generic: many of the individual parts are of use for that model and that one only.
But what caught my attention towards the end of the programme was the description of how Lego has been used to enable communities to contribute to their own architectural evolution.
Bjarke Ingels, a contemporary leading architect, has used Lego to design architecture from a standard kit of parts: but far more imaginatively than the square tower blocks of the 1960s.
More striking still was Icelandic artist Olafur Eliasson whose Collectivity project took three tonnes of Lego to the citizens of Tirana, Albania in 2005. The bricks were just dumped in a heap in the town square and, within a short time, groups of people were creating, building, and re-imagining their city. The Lego acted as a medium through which they could express their ideas – not individually, but together. Not mentioned in the programme is that this is one of a range of similar projects; I’ve found others in Oslo (2011) and Copenhagen (2008).
At the end of the programme, there’s a move into actual social media and a look at Minecraft which, if you haven’t heard of it (I hadn’t!) is a cult computer game. Minecraft may be set to transform the cities of the future: like Tirana’s Lego, but in the virtual online world. It’s worth a look at the video on Minecraft’s home page. As Minecraft’s website says: “At first, people built structures to protect against nocturnal monsters, but as the game grew players worked together to create wonderful, imaginative things”.
Isn’t that what our social media, at their best, aim to do? Not for people to create individually, for their own gratification, but to share and create together. And like early Lego, the best social platforms are the ones which offer a simple kit of parts from which sophisticated collaborative spaces can be created.
• Lego – The Building Blocks of Architecture: BBC, 4 Mar 2014. The programme itself is not available here; this is just a short outline. It is available on YouTube: I don’t know if this is a legit copy!
• Lego Towers project from the Bjarke Ingels Group (BIG), which showcases many projects on its website. Ingels comes into the programme about 15 minutes in.
• Collectivity Project from Olafur Eliasson. The Tirana project is covered in the programme from about 19 minutes.
• The Collectivity Project (Olafur Eliasson), OpenIDEO (contribution by Anne Kjaer Riechert), 17 Nov 2011.
• Olafur Eliasson’s LEGO for public tower building 2008, YouTube, 13 Oct 2008 (Copenhagen: linked from a comment to the OpenIDEO posting)
What to make of Heartbleed?
10 Apr 2014. Posted by Tony Law in Impact of IT, IT is business, IT marketplace, ITasITis, Social media, Tech Watch, Technorati.
Tags: Heartbleed, OpenSSL
I watched the BBC News report last night about the security hole in OpenSSL. With its conclusion that everyone should change all their passwords, now … and the old chestnut that you should keep separate passwords for every service you use, never write them down, and so on. Thankfully by this morning common sense is beginning to prevail. The Guardian passes on advice to check if services have been patched first, and offers a link to a tool that will check a site for you.
First, as they say, other Secure Sockets Layer implementations are available. While a lot of secure web connections do rely on OpenSSL, it’s not by any means universal.
Second, as always, dig behind the news. As TechCrunch did. This is the first vulnerability to have its own website and “cool logo”; this was launched by Codenomicon in Finland, which started by creating notes for its own internal use and then took what it calls a “Bugs 2.0” approach to put its information out there. I remember doing something similar way back in Year 2000 days. Incidentally, the OpenSSL report (very brief) credits Google Security for discovering the bug. It also identifies the versions which are vulnerable. (There’s a note there that says that if users can’t upgrade to the fixed version, they can recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS which, I’m guessing, gives a clue as to the naming of the bug.)
If you want real information, then, go to Heartbleed.com. The Codenomicon Q&A is posted there. In brief: this is not a problem with the specification of SSL/TLS; it’s an implementation bug in OpenSSL. It has been around a long time, but there’s no evidence of significant exploitation. A fix is already available, but needs to be rolled out.
What was clear, too, is that the BBC reporter (and some others) don’t understand the Open Source process. The Guardian asserts that “anyone can update” the code, and leads readers to suppose that someone can maliciously insert a vulnerability. Conspiracy theories suggest that this might even be part of the NSA’s attack on internet security. But of course that ain’t the case. Yes, anyone can join an Open Source project: but code updates don’t automatically get put out there. Bugs can get through, just as they can in commercial software: but testing and versioning is a pretty rigorous process.
Also, this is a server-side problem, not an end-user issue. So yes, change your passwords on key services that handle your critical resources if you’re worried, but it might be worth, first, checking whether they’re likely to be using OpenSSL. Your bank probably isn’t. There’s a useful list of possibly vulnerable services on Mashable (Facebook: change it; LinkedIn: no need; and so on).
And what do you do about passwords? We use so many online services and accounts that unless you have a systematic approach to passwords you’ll never cope. Personally, I have a standard, hopefully unguessable password I use for all low-criticality services; another, much stronger, for a small handful of critical and really personal ones; and a system which makes it fairly easy to recover passwords for a range of intermediate sites (rely on their Reset Password facility and keep a record of when this has been last used). But also, for online purchases, I use a separate credit card with a deliberately low credit limit. Don’t just rely on technology!
• Heartbleed, The First Security Bug With A Cool Logo, TechCrunch, 9 Apr 2014
• Heartbleed bug, website from Codenomicon (Finland) – use this site for onward references to official vulnerability reports and other sources
• OpenSSL project
• The Heartbleed Hit List, Mashable, 9 Apr 2014
• Heartbleed: don’t rush to update passwords, security experts warn, Alex Hearn, The Guardian, 9 Apr 2014
• Heartbleed bug: Public urged to reset all passwords, Rory Cellan-Jones (main report), BBC, 9 Apr 2014
• Test (your) server for Heartbleed, service from Filippo Valsorda as referenced in The Guardian. I’m unclear why this service is registered in the British Indian Ocean Territory (.io domain) since Filippo’s bio says he is currently attending “hacker school in NYC”. On your own head be it.
I rarely post a direct link just to another piece of reporting – I prefer to go behind press reports to the originals if I can. But for shortage of time, here’s a link to a report in Wired of an interview with Sir Tim Berners-Lee. To be fair, this is the original because the event was organised by Wired to launch its own March issue celebrating the Web at 25.
So read, in brief, what TimBL has to say, and follow the links for more. The original link came through a tweet from OpenQRS, an Open Source healthcare software community. So, to be fair, there’s a link to them too.
• Tim Berners-Lee: we need to re-decentralise the web, Wired, 6 Feb 2014
• Open QRS
Facebook at 10, Microsoft at 40
5 Feb 2014. Posted by Tony Law in Cloud, Impact of IT, IT is business, IT marketplace, ITasITis, Managing IT, Social media, Technorati.
OK, a slight stretch for a snappy headline but these have been two lead stories in the last few days.
Others will comment with more depth and more knowledge than I can on either Facebook’s tenth anniversary or the appointment of Satya Nadella to succeed Steve Ballmer (and, of course, Bill Gates) at the head of Microsoft. But I was remembering, quite a while ago now, a META Group event in London when the Web was just arriving and disintermediation was a new word. The speaker took a look at the banking industry, with new on-line start-ups starting to eat the lunch of the established financial institutions.
The point was this. The new entrants invested, typically, in just two things: infrastructure, and software development. Existing players had institutional weight; they had enterprises to keep in existence with all the corporate overheads that accumulate over time, with shareholders and stockmarket expectations and dividends. They needed to cut costs to compete with the new lean players. And (doesn’t it still happen?) they would target the IT budget. So the area of investment which differentiated their new competitors was precisely where they were dis-investing.
Microsoft is fast approaching 40. It’s a solid, established player with corporate overheads, strategies, shareholders. Is it still as lean and sharp as the company which turned on a sixpence (a dime, if you’re American; a 5p piece for the youngsters) when it “got” the Internet and realised that MSN and AOL were not going to be where most of the traffic went? Enter Internet Explorer, competing with Netscape; and the rest is history.
Well … we can look at areas in the recent past where that hasn’t been repeated. Smartphones? A lot of Windows phones have been sold, but Android and iPhone are the big players and an Office 365 subscription gives access to Office mobile software on these platforms as well as Windows. But on the other hand: Office 365 is a good model, for both consumers and Microsoft, because it converts intermittent capital costs for what is still essential software into predictable operational costs. And while capital versus operational is the language of the enterprise, where Microsoft’s heart arguably is these days, the concept works for individual licences. There are undoubtedly challenges, but a CEO with an Indian background may have the right insight and vision to work round all that unavoidable corporate baggage.
What about Facebook? Facebook has got to the stage where it is acquiring the corporate baggage (shareholders and so on). It’s had to face up to public perception, particularly over issues like personal online security. Both companies now find themselves covered in the main news sections and financial pages, like any other corporation, rather than only in geek-tech reporting. They’ve gone mainstream.
So Facebook has new competitors in the social media space, sharper and newly innovative where Facebook is unavoidably solidifying. Microsoft is in a stable, continuing enterprise market which it understands; it appears not to understand the consumer market so well. Facebook is in precisely that consumer market, although a lot of enterprises use it to communicate with their own consumers. It’s a fashion market. What’s coming next? and how can Mark Zuckerberg stay ahead of the game?
No links here; just a personal opinion, and you can find lots of links with some easy searching!
Digital Natives and security
5 Jul 2013. Posted by Tony Law in Cloud, Consumerization, Impact of IT, Insight services, ITasITis, Managing IT, Social media, Tech Watch, Technorati.
I don’t normally post based on what I learn professionally in a Corporate IT Forum event, because we operate under Chatham House rules. But what follows is in the public domain and I’ve researched it without calling on any privileges.
In any discussion of collaborative working, you come up against the issue that younger people have a different take on using public tools and smart stuff than do those of us who were around as computers began to spread out beyond the finance department. Something that I remember smart people at Forrester Research beginning to highlight well over ten years ago, making the inference that younger potential employees will expect the use of these kinds of tools: and may not want to work for organisations that lock them out.
Well, Generation Y is beginning to rise through the ranks; and the Millennials are coming along fast behind. So we can move beyond inference. And one of the things that distinguishes corporate work from what you can do with your own stuff at home is security. That is, protecting everything from the information resources you need to rely on to the endpoint devices and infrastructure. We see the willingness of our younger colleagues to open up on Facebook or the many more recently arrived tools. And we shake our grey heads and worry. But we maybe base our worries on what we think, rather than on what we actually know.
A group of (older) IT managers figured this, and brought together a group of “digital natives” working in security-conscious industries. They asked them how they would like to work in 2020. For an outline of the project, see a guest post by one of the group’s members, Colin Powers, just a week ago on Colin Robbins’ blog Once Upon a Camayoc. And, particularly, embedded in it is a video made by the group which you won’t find by searching. You can find more by searching Twitter for #UKCeB or #DN2020, and there is other material on YouTube too. The presentation was created using an online tool which has been around for a year or two: Prezi.
• Digital Natives: Secure Collaboration in Team Defence 2020, Colin Powers (guest post), Once Upon a Camayoc, 25 Jun 2013
• UK Council for Electronic Business (UKCeB)
• Forrester Research: What Gen Y Really Thinks About Your IT Department, TJ Keitt, 1 Apr 2011 (it seems that Forrester has dropped reference to Generation Y in its more recent research). Access requires a full client account
• Forrester Research, Create A Habitat Of Technology Engagement And Enablement For Your Workforce, C Voce and others, 10 May 2013. This report is available to free registered users and is linked to The Workforce Enablement Playbook
Until I re-retire in another three months, I’m teaching an Open University first year technology course that covers the gamut of information technology from programming through online social issues to things that affect the developing world. A lot of the programming uses a specially developed system called Sense, based on MIT’s Scratch system and, in turn, built over Smalltalk (which I also still use for a variety of tasks).
Sense is an object-based system with communication between modules based on broadcast messages. Learning how objects can respond differently (or not at all) to specific messages is part of the challenge the students face, especially if their experience is around something like C++ or Java.
Some of the practical exercises with Sense involve using its interface to RSS, with programs both writing (or updating) a feed and consuming the feed. And we’re about to go into a series of online meetings in a Google Chat. As part of the coursework, they evaluate the strengths and weaknesses of different communication channels, and this is an interesting learning outcome from an otherwise unrelated exercise. Also, they should have some software running which they’ve developed to share, via RSS, indicators of each other’s presence status. This is expected to work by lighting LEDs on a Sense-linked Board. While some students cope with this well, others are challenged by programming and the Sense Board itself isn’t foolproof. The USB link doesn’t always work as it should.
So in the course of the day I’ve developed an alternative that uses on-screen displays rather than the LEDs. Agile programming I suppose: start with an idea, build it a bit at a time, and when I thought I was nearly finished, find a quite large snag. The snag arose because each person present needs to be able to signal their own changes of status and I’d only built that into my own object – if in doubt, program symmetrically, and I forgot that rule.
It’s difficult to test anything that depends on an external RSS file because testing is likely to pepper it with incorrectly formatted test messages. So I’m patting myself on the back because, in its first real test with one of the students remotely online, it appears to work correctly!
• YouTube video: TU100: Sense and the SenseBoard, a guided tour of the SenseBoard, Mike Richards, Open University, 13 Nov 2009
• Open University offers up hardware to coding students, Duncan Geere, Wired, 14 Jun 2011
• Scratch, Massachusetts Institute of Technology Media Lab
* Working with others (2) will be about something quite different and will appear shortly
Facebook faces up: whose reputation?
30 May 2013. Posted by Tony Law in Impact of IT, IT is business, ITasITis, Social issues, Social media, Technorati.
Facebook made the mainstream news again last night. Behind the news there’s an interesting twist.
In brief: Facebook is being forced (as the commentators put it) to face up to issues of inappropriate and inflammatory comment being posted on its open platform. In the early days of the internet (think Newsgroups) or of the Web, anyone could put anything up. Communities like newsgroups or conferencing sites were largely self policing. Now, with the development of case law and some explicit regulation, it’s not such a free-for-all.
Facebook mirrors this. In many ways, for some people, Facebook is the Web. Its un-policed, self-regulated, relatively small caterpillar has become a free-flying butterfly (is that a good metaphor?) where it has millions of users, representing a wide variety of (mostly legitimate) points of view, different cultures and so on. It’s taken a while for the management of a multi-billion public company to realise they have to exercise responsibility.
OK, so far, so obvious. But the interesting thing to me about last night’s news item was that the pressure has come, specifically, from advertisers. In the Web world we’re used to thinking of advertisers as a necessary intrusion; they pay for our Google searches, our online news (paywalls apart), most of our “free” services. But here, it’s the advertisers that have forced Facebook to take notice. No, said the Nationwide Building Society (and others), we will not take the risk of our brand appearing alongside this kind of stuff.
As the BBC report says, the Nationwide action went public on Twitter. Looking at the Twitter feed for @asknationwide, on 25th May, it appears they received a large number of tweets relating to ads being displayed alongside offensive content. One tweet to @everydaysexism says “It is not our intention for our ads to appear on pages like this. We will report this page to Facebook and suspend our ads”, and they did just that.
Whoever thought that damage to brands could become a force for positive change?
• Sexism campaign: Facebook learns a lesson, Rory Cellan-Jones, BBC Technology, 29 May 2013
• Facebook bows to campaign groups over ‘hate speech’, BBC (Dave Lee and Rory Cellan-Jones), 29 May 2013
• BBC news video, 29 May 2013
• Twitter: @askNationwide and @everydaysexism (look here for other news links)
Glyndebourne’s Imago arrives
4 Mar 2013. Posted by Tony Law in Impact of IT, Social issues, Social media.
Some while ago I posted a note about Glyndebourne’s 2013 Community Opera, Imago. It’s staged this week; tickets are still available for some of the performances – at “ordinary”, not High Season, prices.
Imago is an opera about modern technology. It challenges the boundaries between real and virtual worlds, between age and youth, and between emotion and impudence. It uses serious technology in its visual effects, though not all of it is modern technology! The chorus cast and some of the orchestra are local musicians, not mainstream professionals; many of the name parts are sung by young professionals.
If you’re a techie, not used to opera, in the East Sussex area – come!
View this Glyndebourne video, or find Imago on the Glyndebourne website or on Facebook.