The Dangers of Email

How dangerous is email?

The Register reports:

“Well, 91 per cent of all cyberattacks originate with email, according to Redmond.”

That’s a stunning statistic, especially if it’s accurate. And it partly explains why Microsoft is warning about “a widespread credential-phishing campaign” even although it claims its systems have a solid defense against it. Read the whole article here.

Apple and the Register

I know it’s old news, but on browsing a Register article about the fruity company’s new plans to scan iPhones for child pornography, I came across this article: Inside our three-month effort to attend Apple’s iPhone 7 launch party.

It’s well worth reading in full, if only to see how companies can twist words to avoid telling the truth.

This is the enduring takeaway.

“The truth though is that large tech companies, especially in Silicon Valley, often use access to their events and their executives as a way to force positive coverage of themselves. If you write one bad thing about them, they threaten to stop talking to you. If you ignore the warnings, they blacklist you.

Unsurprisingly, The Register is not all that flexible when it comes to tech companies trying to intimidate us into writing nothing but positive press coverage. The question you should be asking yourself is: does that mean that everyone who is invited to Apple’s events can be relied upon to self-censor any negative comments? (Quick clue: the answer’s yes.)”

Bear that quote in mind the next time you see somebody reporting on an Apple press conference.

Secure? You better believe it

Earlier this week, the Register reported the bombshell news that Intel chips have a major security flaw.

Since Intel chips are the most widely used, and dominate the PC, Apple, and big server market, and fixes seem likely to impact performance, to say that this was a shocker is something of an understatement.

Intel leapt into defense mode and issued a statement about how it’s no big deal, it’s going to be fixed, and we are not the only ones with a problem. I thoroughly recommend you read the Register‘s takedown of that statement here.

It’s from that analysis, I offer the following snippet as something to muse over:

“One step below security by obscurity, there’s security by belief. Demand more.”

Secure? You better believe it!

I wonder what Bruce Schneier will say?

Embarrassment of the week

Time to look away from the world of politics. Let’s look at the world of hi-tech business. How embarrassing is this:

Twitter bans own CEO Jack Dorsey from Twitter

Twitter briefly suspended the Twitter account of Twitter cofounder and CEO Jack Dorsey today. It sparked some fears the big boss had been unceremoniously booted out of the troubled biz or had fallen foul of his own anti-abuse complaints system. But it was probably a bug or something mundane like that.

The Register has the story here.

The legal business

A cracking quote from Joshua Fireman, US law firm management consultant:

“We find ourselves using 19th century processes with 20th century technology to solve 21st century problems.”

Source: Legal IT Insider, September 2016. The website is here.

Based on what I have seen in local legal practices, the management processes may even be 18th century.

Shock! Horror! Probe! Apple tries to stifle criticism

It’s not only taxes that Apple tries to avoid; they are not keen on criticism of their products either. One weapon in their corporate arsenal is controlling access to their launch events. Write something less than stellar, and you – and your organization – are unlikely to be invited back. That’s the conclusion of this Register piece by Kieren McCarthyInside our three-month effort to attend Apple’s iPhone 7 launch party – which shows you some of the shenanigans Apple got up to, instead of coming out and plainly admitting there is a media blacklist. Shame on Apple. However, if you don’t think it affects you, perhaps as an Apple consumer, think again. As the Register piece notes:

“Unsurprisingly, The Register is not all that flexible when it comes to tech companies trying to intimidate us into writing nothing but positive press coverage. The question you should be asking yourself is: does that mean that everyone who is invited to Apple’s events can be relied upon to self-censor any negative comments? (Quick clue: the answer’s yes.)

You have been warned.

Always take the music with you

speakers
The item pictured above is an UE ROLL Ultraportable Bluetooth Speaker. It’s waterproof, shockproof, and delivers excellent quality sound when connected to a smartphone. Susan bought one from the duty free at Heathrow on our trip last month to the UK.

Last week, Susan and I did a bike ride to the Tel Aviv namal and back. Susan decided that she wanted to have her music with her, so she charged up the device, and stuck it in her backpack. Controlling the sound from her handlebar mounted iPhone, she was able to achieve what she wanted. While some of the music wasn’t to my taste, there was some that caught the mood exactly. For example, we found ourselves singing Queen‘s Bohemian Rhapsody as we cycled over the bridge at Herzliya Railway Station. There were a couple of other pop classics that we murdered, too! It was great fun. And, as continuing proof of the power of music, it gave an extra boost to our cycling performance.

Susan has used the device quite a bit, and is very satisfied with it. Since her hearing is much better than mine, and she says the sound is good, that’s a decent piece of praise. Worth checking out that piece of kit if you are in the market for a Bluetooth speaker. Incidentally, the guy at Dixons at Heathrow tried to convince Susan to buy the cheaper model. But, this one was the Which? recommendation, and Susan stuck to her guns. My bet is that Dixons have too much stock of the cheaper one.

Replacing lawyers?

Globes has some financial news about an Israeli startup that caught my eye:

Israeli online contract review platform LawGeex announced today $2.5 million in funding from Lool Ventures and LionBird and angel investors Eilon Tirosh and Rami Lipman. The startup has also launched its online contract review solution free of charge for consumers. Using machine learning, the Israeli startup sets out to “out-lawyer” the lawyers.

And how do you “out-lawyer” lawyers, according to the report?

LawGeex allows consumers to upload any type of contract to its platform and receive, within 24 hours, an in-depth report of what’s good, bad and even missing from their contract. Currently reviewing over 20 types of contracts, the free solution begins with employment agreements, with more contract types to be offered for free in the near future.

Here’s more by way of context:

LawGeex cofounder and CEO Noory Bechor said, “The driving force behind LawGeex is the belief that no one should sign a contract that they don’t fully understand. An astounding 33% of Americans need a lawyer every year but do not hire one, either because they can’t afford to or did not know where to turn. This ultimately leads to one-sided negotiations and unfair results. LawGeex has already earned the trust of thousands of users while ensuring quality and transparency, leveling the playing field when it comes to contract negotiations. Our machine learning platform has already reviewed over tens of thousands of contracts, many of which are employment contracts from some of the world’s largest tech companies such as Apple, Google, and Facebook. We make sure all employees get a fair deal.”

An interesting concept. So, you get a contract, and you give it to LawGeex to review. LawGeex tells you what is wrong with the contract.

(I have assumed the system is somehow able to tailor its advice taking into account jurisdictional issues. For example, just sticking to employment contracts, there are differences between USA and UK law about what is required, what is the normal standard, and what is legal and illegal.)

That’s very helpful. But what then? How do you fix the contract? It doesn’t appear if LawGeex is going to give you the contract wording required to address whatever issues arise. And, knowing what needs to be added to a contract, and actually adding it – making sure all the angles are covered – is no trivial task. To do it properly, you need to have some experience or training. You know, like being a lawyer…

I’m poking fun at the concept while recognizing that they do not promote it as a complete legal solution. But that’s not exactly an up front message. So, I question how useful LawGeex might be without proper legal skills to back it up. I have not seen anything to suggest LawGeex will provide the missing text, nor am I aware of any technological solution. For sure, there are online contract providers, but they are all offering templates, and not individually tailored contract revision advice. For that, at least for now, you need a human being. (A bit of a stretch when it comes to some members of my former profession, I know, but let’s live with it for now.)

It will be interesting to see how LawGeex does. Perhaps it will be a fit for someone else active in this field. But for now, I’m skeptical it will be successful, long term.

The Globes report is available, here.

Why bother with security software?

The Register reports on an experiment by a team from Google, the University of Illinois Urbana-Champaign, and the University of Michigan. They left about 300 USB drives around the Urbana-Champaign campus. An incredible 48 percent of the drives were taken and plugged into a computer – some within minutes of being left.

“The security community has long held the belief that users can be socially engineered into picking up and plugging in seemingly lost USB flash drives they find…”

<snip>

“Unfortunately, whether driven by altruistic motives or human curiosity, the user unknowingly opens their organization to an internal attack when they connect the drive – a physical Trojan horse.”

In other words, by plugging in these USB drives, people put the security of their network at risk.

I notice that the drives were left around the University of Illinois Urbana-Champaign campus, and not that of the University of Michigan. Looking back now, I wonder if the researchers from there might have preferred to try the experiment at the Michigan campus! More seriously, it would be interesting to know what the result would be of the same experiment carried out in a city center (not a university campus) or a technology park, or even outside the offices of a cyber security company…

If I were a cyber security consultant, I would find this very troubling. What’s the point of getting the message across not to open strange emails, or click on dodgy links, if some witless individual is going to plug in an unknown USB and do the damage in that way? Or, as they say:

“There is still much work needed to understand the dynamics of social engineering, develop technical defenses, and learn how to effectively teach users how to protect themselves.”

You can read the Register article here.

Andy Grove’s lost warning?

Former Intel CEO Andy Grove in 2003 with a 1978 photo of him with Intel co-founders Robert Noyce and Gordon Moore. Source: Wikimedia

Former Intel CEO Andy Grove in 2003 with a 1978 photo of him with Intel co-founders Robert Noyce and Gordon Moore. Source: Wikimedia

Holocaust survivor Andy Grove, credited with much success at the reinvention of Intel, died earlier this week. The obituaries have set out how much of a contribution he made. For example, at the Guardian, it says:

“[Grove]…was a mercurial but visionary leader who helped position Intel’s microprocessors as the central technology inside personal computers.

Grove’s bet-the-company gamble – moving Intel from memory chips to microprocessors in the mid-1980s to serve what was still a fledgling PC industry – helped rescue Intel from a financial crisis and set it on course to becoming one of the most profitable and important technology companies of all time.

“Andy made the impossible happen, time and again, and inspired generations of technologists, entrepreneurs, and business leaders,” Intel CEO Brian Krzanich said Monday.

Robert Burgelman, a professor at Stanford University’s Graduate School of Business who started teaching management classes with Grove in the late 1980s, called Grove “one of the most incisive thinkers that I have ever come across”. He said Grove’s technical and strategic abilities were critical in building Intel and fending off threats from Asian competitors.

“I don’t think Intel would have been Intel as we know it, and therefore the US chip industry would not have been what it is” without him, Burgelman said.”

None of the obituaries, however, mentions his warning to western economies about the loss of manufacturing know-how.

The Register fills in the gap:

Lost in the obits: Intel’s Andy Grove’s great warning to Silicon Valley

You won’t prosper with a weightless economy

A few years ago, Andy Grove took the Davos crowd to task. The received wisdom at the time – and it still is – was that America’s future was as a “knowledge economy.”

It was 2010, and the former Intel CEO lamented that Foxconn employed more people – 800,000 in total – than Sony, Intel, Apple, Dell, Microsoft and HP combined.

Grove was fed up with being told that prosperity would come if the US continued to export jobs and manufacturing skills. And that the future was startups. This was a load of rubbish, he pointed out in a comment piece.

The lesson Grove had learned at Intel was that success was all about scale. As soon as a country loses its high-tech manufacturing base, it forgets how to do many things, and loses its ability to scale in a new marketplace. The spoils go to those who retain a competitive manufacturing base.

TVs were a good example, Grove wrote. Princeton economist Alan Blinder had written that the absence of TV production in the USA, as TVs became a low cost “commodity,” was a good thing.

“I disagree. Not only did we lose an untold number of jobs, we broke the chain of experience that is so important in technological evolution. As happened with batteries, abandoning today’s ‘commodity’ manufacturing can lock you out of tomorrow’s emerging industry.”

He compared it to a condemned engineer fixing a faulty guillotine, so it successfully chops off his head.

“Without scaling, we don’t just lose jobs – we lose our hold on new technologies. Losing the ability to scale will ultimately damage our capacity to innovate.”

Grove was sympathetic to the mixed model of free markets and strategic prioritization that Asian companies used, but with a more corporatist model, where the governments choose winners. He suggested imposing levies on manufactured imports, with the money raised being doled out on strategic loans.

The accepted position is that you cannot manufacture in the west, because you cannot compete with low cost manufacturing in China and elsewhere. But I know at least one lone voice in the crowd protesting that the accepted position is wrong. There are many more, though they are in the minority. It depends what you manufacture, how you manufacture, and what the local economic situation is regarding imports. If Europe, for example, has no import barriers, no wonder it is swimming in cheap imports. If tax allowances for investment in manufacturing equipment are woeful, no wonder there is a hesitation about such investment. Manufacturing can be done, but it needs the people at the top to recognize the whole situation, and put in place mechanisms that pay heed to the warnings that Grove and others have given.

Read the whole piece here. It includes an interesting note about the Dyson position, and a link to Grove’s original article.