Categories
Quotations

The great evil that we as Americans face is the banal evil of second-rate minds who can’t make it in the private sector and who therefore turn to the massive wealth directed by our government as the means to securing wealth for themselves. The enemy is not evil. The enemy is well dressed.

Lawrence Lessig from Republic, Lost: How Money Corrupts Congress – and a Plan to Stop It
Categories
Quotations

… an institution can be corrupted in the same way Yeltsin was when individuals within that institution become dependent upon an influence that distracts them from the intended purpose of the institution. The distracting dependency corrupts the institution.

Larry Lessig from Republic, Lost: How Money Corrupts Congress – and a Plan to Stop It
Categories
Links Writing

On Hiring Hackers

Kevin McArthur has a response to firms who are demanding highly credentialed security staff: stop it!

Much of his argument surrounds problems with the credentialing process. He focuses on the fact that the time spent achieving an undergrad, MA, and set of professional certifications leaves prospective hires woefully out-of-date and unprepared to address existing security threats.

I recognize the argument but think that it’s somewhat of a strawman: there is nothing in a credentialing process forcing individuals to solely focus on building and achieving their credentials. Indeed, many of the larger companies that I’m familiar with hire hackers as employees and then offer them opportunities to pursue credentials on their own time, on the company dime, over the course of their employment. Many take advantage of this opportunity. This serves two purposes: it adds ‘book smarts’ to a repertoire of critical thinking habits, and it makes the company ‘stickier’ to the employee because of the educational benefits of working for the company.

Under the rubric of enabling education opportunities for staff you can get security talent that is very good and also happens to be well educated. It’s a false dichotomy to suggest that you can have either ‘book smarts’ or ‘real world smarts’: there are lots of people with both. They don’t tend to be right out of university or high school, but they are out there.

What’s more important, and what I think the real focus of the article is meant to be, is that relying on credentials instead of work accomplished is the wrong way of evaluating prospective security staff hires. On that point, we entirely agree.

Categories
Links Writing

A Populist Critique of “Ladyphones”

Casey Johnston, over at Ars Technica, has a two-pager complaining about how tech companies design and market so-called “Ladyphones.” It’s a quick read that picks up on earlier critiques about how certain colours, and reduced technical capabilities, are associated with derogatory gender perceptions.

That said, there are at least two elements of her piece that fall short to my mind: her analysis of the BlackBerry Pearl and of the LG Windows Phone.

Johnston argues that the BlackBerry Pearl was a device marketed for women, and emphasizes the device’s high costs and pink colouration in the UK as an example of trying to extract more money from a female demographic than would be extracted from a male demographic. She also cites the Pearl’s bizarre keyboard format and limited technical specifications to further reinforce her thesis that manufacturers sell second-rate products to the female market.

As someone who owned an original Pearl 8100 I don’t know how fair her critique of RIM’s product is. Pearls were RIM’s attempt to get into the consumer market generally, with the position that a full-sized keyboard was intimidating and off-putting to male and female consumers alike. Moreover, the sizes of RIM’s other smartphones at the time – designed pre-iPhone, let’s not forget! – were off-putting to most regular, non-business, consumers.

The Pearl tried to find a balance between size, consumer market expectations, and traditional BlackBerry functionality. It was also comparatively cheaper than most other smartphones at the time (and, I would note, cheaper than the popular Motorola RAZR phones), though RIM and its carrier partners haven’t necessarily reduced the costs of the phone appropriately in all regional markets. Original colours lacked pink entirely: you could buy them in black or red. New colouring – and targeting – towards particular market segments is arguably more the result of an expanded smartphone market than anything else.

I would note that Johnston is far more generous towards RIM’s marketing and branding departments than, well, any other journalist that I’ve previously read. Her assumption that RIM was so forward thinking as to brand a consumer device ‘Pearl’ to target women is massively overestimating RIM’s (traditionally very, very, very, very poor) marketing and branding departments. Finally, the technical specs of RIM’s devices are criticized from all corners, regardless of the colour or class of device (i.e. Pearl, Curve, Torch, Bold, etc.), and regardless of whether the device is targeted at professional, prosumer, or consumer markets.

The other issue with the article is her analysis of the LG Windows Phone. What she’s dead right on: LG ‘partnered’ with Jil Sander to inflate the device’s cost and try to make it appeal to a certain market segment. Yep, that’s attempting to sell a device to consumers interested in or intrigued by Sander’s line of products. Where Johnston is wrong, however, is in her effort to equate low-specced Windows Phones with high cost phones.

Unlike Android and iPhone, Microsoft’s mobile phones almost universally have poor technical specifications compared to the competition. That said, Microsoft has tweaked their devices such that the specifications really don’t matter: you get excellent performance in spite of the device using older tech. As such, I don’t really think that the technical critique rings terribly true – women aren’t expected to purchase crappy Windows phones any differently than men are – though I certainly agree around the ‘branding’ of the LG device to unnecessarily inflate costs and attract a dominantly female market.

Anyways: go read the piece and develop your own opinion. Despite my two bones to pick with her evidence I think that the thesis holds and is well supported. She’s created a piece that’s short and critical, if not as deep or as powerful a critique as I’d have liked. Hopefully we see more tech sites – and mainstream news sources! – similarly take companies to task for their attempts to sell second-rate, unnecessarily gendered, products to women.

Categories
Links

Gorgeous Windows 8 UI Concept

The Verge has a terrific piece on a concept user interface for Windows 8. It’s really, really worth taking a look at: if Windows looked that good (and, *ahem*, wasn’t a pain in the ass to run over the long-haul) then I think an awful lot of people could be visually convinced to switch from OS X to Windows.

Categories
Aside

What the Apps Can Access

Just a few of the mobile phone apps that hoover up your information when you run them on your Android device.

Categories
Links Writing

Poison Texts Targeting Mobile Phones

While smartphones get in the news for security reasons related to mobile malware, it’s important that we not forget about the other means of attacking mobile phones. USA Today has a piece which notes that,

One type of poison text message involves tricking people into signing up for worthless services for which they get billed $9.99 a month. Another type lures them into doing a survey to win a free iPhone or gift card. Instead, the attacker gets them to divulge payment card or other info useful for identity-theft scams. “Malicious attacks have exploded well beyond e-mail, and we are very aware of their move to mobile,” says Jacinta Tobin, a board member of the Messaging Anti-Abuse Working Group, an industry group combating the problem.

This approach is really just phishing using text messages. It’s significant, but not necessarily something that we should get particularly jumpy about. The same article recognizes that “hackers are repurposing skills honed in the PC world to attacks on specific mobile devices. Particularly, handsets using Google’s Android operating system are frequently the target of hackers.” What is missing in the article is a recognition that text-based phishing can be made considerably more effective if an individual’s smartphone has already leaked considerable amounts of personal data to the attacker via a third-party application. This is the scenario we should be leery of.

Specifically: we can easily imagine a situation where a hostile application that has been installed on a smartphone acquires enough personal information that an attacker can engage in targeted spear phishing. By getting name, address, names of friends and family, places of employment, recent photos that are geotagged, and so forth, it is possible to trick individuals by text messages to ‘give up’ information. Moreover, by first compromising devices attackers can better target specific individuals based on how the phishermen have profiled device owners: they can be choosy and target those who would either be most vulnerable or best resourced. It’s the integration of two known modes of attack – phishing and compromising smart devices – that will be particularly devastating, far in excess of either attack vector on its own.

Categories
Links Writing

American ISPs To Become Real Copyright Cops?

We live in a dangerous time when ISPs – largely to head off potential federal regulations – establish private arrangements with copyright holders to disrupt Internet subscribers from accessing certain content. Sandoval notes that,

Last July, Comcast, Cablevision, Verizon, and Time Warner Cable and other bandwidth providers announced that they had agreed to adopt policies designed to discourage customers from pirating music, movies and software over the Web. Since then, the ISPs have been very quiet about their antipiracy measures.

But during a panel discussion here at a gathering of U.S. publishers, Cary Sherman, CEO of the Recording Industry Association of America, said most of the participating ISPs are on track to begin implementing the program by July 12.

[Subscribers] will also be informed of the risks they incur if they don’t stop pirating material. The ISP then can ratchet up the pressure. The ISPs can choose from a list of penalties or what the RIAA calls “mitigation measures” that include throttling down the customer’s connection speed to suspending Web access until the subscriber agrees to stop pirating. The ISPs can waive the mitigation measure if they choose.

This isn’t a small matter: rights holders regularly make errors when they assert that a person is engaging in infringing behaviour. Rights holders assume that taking ISP subscribers hostage – by throttling or otherwise impacting their online behaviours – will (a) cause subscribers to cease potentially infringing behaviour; (b) lead subscribers to acquire content in non-infringing ways. I suspect that, instead, we’ll witness a ratcheting up of anonymization and encryption schemas to limit file sharing surveillance practices.

Many will say that ISP collaboration is just the next stage of an ongoing cat-and-mouse game but, in so saying this, may fail to see the larger implications of this game. In the UK, worries that the content industry might get powerful new legal capabilities via the Digital Economy Act led the security and intelligence services to protest a copyright-related bill. It wasn’t that the services were supportive of infringement but instead that, by encouraging regular citizens to evade and hide their actions online for consumer gain, the services’ capabilities to monitor for threats to national security would be degraded.

That’s not a small matter. You may be pleased – or not – that the security and intelligence services’ operations might be hindered. Regardless, your stance doesn’t mitigate the fact that copyright legislation threatens to have far reaching impacts. Using ISPs as traffic cops that establish antagonistic relationships with their subscribers is poor business for the ISPs and potentially makes national security issues more challenging to combat. We need to have a far more holistic accounting of what new copyright capacities and actions mean for society generally and, in the process, get away from narrowed discussions that obfuscate or externalize the full potentialities that accompany the (prospective) criminalization of broad swathes of the population.

Categories
Links Writing

How Canada’s Copyright Legislation Will Be Used

In a well-timed piece that aligns with Canada’s new copyright legislation, Techdirt describes how content owners will likely use new digital locks provisions:

The real reason why they want anti-circumvention even when there’s no copyright infringement is because it gives them a veto on any new technology. All they have to do is put in some sort of weak digital lock and suddenly the company has to “negotiate” a deal or they can be sued out of existence.

It isn’t a hypothetical ‘could content owners sue innovators into the ground’ but an action that has occurred, and does occur, in the US. Kaleidescape, a DVD jukebox company, has been served an injunction in the US even though they enable a higher degree of anti-infringement encryption than already exists on DVDs.

This is just wrong: innovative services that add value to existing products should be permitted to thrive, not be forced to beg permission to exist. The network neutrality movement is all about enabling innovators to innovate, citizens to speak, and services to interact without having to beg permission of network owners. The copyright cartels are busy crafting – and getting passed – laws that undermine the next-generation capabilities of our communications systems to protect historical revenue streams.

There comes a time that next-generation systems need to be adopted, that revenue cannibalization has to occur, and new processes tested and brought to market. Our ‘new’ copyright laws are a direct threat to such innovation and risk leaving North America in a cultural ghetto at the behest of large, democratically unrepresentative, rights holders.

Categories
Links Writing

Research In Motion to Further Improve Antennas

From The Telecom Blog we learn that RIM has acquired Paratek Microwave Inc. Paratek is:

a company whose adaptive radio-frequency technology improves mobile-handset call quality and battery life. It’s believed that RIM may leverage this acquisition to improve the overall performance of its next generation BlackBerry smartphones.

General Partner of Polaris Venture Partners Alan Spoon believes RIM would benefit immensely by integrating Paratek’s game changer technology into mobile phones. He says the technology allows mobile devices to upload and download large amounts of data faster, making for longer battery life, which coupled with Paratek’s innovative design, leads to a small form factor. More importantly, the Tunable RF reduces dropped calls and allows reliable data flow across multiple frequency bands, thereby providing an overall enhanced mobile user experience.

One of the reasons that I left behind my Windows Phone 7 was its incredibly poor reception. It’s the only smartphone that I’ve owned that regularly dropped calls and made hearing calls a challenge. The iPhone that I used previously was acceptable, but not great: when I had to make, or receive, an important call I found a landline.

I don’t have to find landlines with my 9900. The call quality is terrific. While call quality isn’t something I really would have cared about a few years back – I rarely called people or received calls, and when I did they were usually personal in nature – I do care today because of the various professional calls I make on a daily basis. While the BlackBerry isn’t as fun to play on, it’s a far more reliable professional tool.

Not having to hunt down a landline saves me a ton of time, and I’m incredibly pleased to see that RIM cares enough about further improving call and signal quality that they are snapping up companies who can bring advantages to their smartphone environment.