Donald Trump Should Channel Steve Jobs on Security

We saw yet another government breach last week, and more secrets went out to WikiLeaks. I’m of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work.

I don’t know about you, but I really don’t want any organization spying on me — not even my own government. Given how I often dress around the house, this is as much for their protection as my own.

When Steve Jobs took over, Apple also had a severe leak problem, and he was pragmatic about fixing it. Ironically, he used the U.S. government’s approach as a template. As a side note, Jobs also had a WikiLeaks problem, but whether it really was a leak or was fake news was never determined. Now that is an interesting coincidence, given the topic.

I’ll offer some suggestions about what Trump could learn from Steve Jobs, and I’ll close with my product of the week: the Jetson TX2, an amazing high-speed drone that uses Nvidia’s value-priced digital brain, to ensure that it doesn’t get you into trouble.

Steve Jobs’ Problem

When Steve came back to Apple, he had a massive problem in that he wanted to create excitement around his new products — but only when he actually had them to sell. He knew that product leaks tended to kill sales for existing products and made launches far less exciting because there was no mystery.

He also knew that sometimes to get a product out the door you had to defeature it, and if folks expected a feature that didn’t show up, they not only wouldn’t be excited but also might avoid buying the product as a result of their disappointment.

Given that the products he started with were crap, in his opinion, he sure didn’t want people to stop buying them until he had replacements in market. At the time, though, Apple was a sieve. People who worked there had developed relationships with reporters, and they used their inside knowledge on coming products to gain status.

Simply telling them to stop really didn’t seem to have the intended effect — but since Apple’s survival was at stake, Jobs went full WWII.

Steve early on developed a reputation for firing people on the spot, often for what seemed to be trivial causes — employees referred to it as “being Steved.” So when Jobs made it clear that anyone caught leaking would be terminated immediately, folks took him seriously.

He also pulled posters out of the old World War II campaigns, like “loose lips sink ships,” and made it clear to the employees that keeping quiet could make the difference between whether Apple survived and prospered or failed.

He looked to others to report anyone they knew was leaking, for the good of the company. (In one instance, this firing thing supposedly backfired badly.)

Finally, Jobs would deliberately include slight alterations about coming products in internal memos, so that if anyone did leak, he could track the leak back to the group that leaked it and then locate the individual.

That not only was sneaky, but also made the leakers less reliable, because the facts they were leaking were inaccurate. It had the dual purpose of locating and discrediting the leaker at the same time.

Saved My Job

While I was at IBM, I ran security for my organization for a short while and implemented something similar because I suspected some of my own reports — which were highly sensitive at the time — would be leaked. One was, and the SVP of sales wanted me fired.

Fortunately, I was able to track the leak to that same SVP, and I outlasted him as a result. I’ll likely never forget this practice of altering reports so they can be tracked back, if leaked in whole or part.

Technology Approach

Since the Steve Jobs era, a host of tools that monitor access of information in real time, like Varonis, have emerged. They can send out alerts if people gain access to data outside of their responsibility, start copying or printing sensitive documents, or suddenly show an interest in an area they never before accessed.

These tools address the kind of bulk information theft that the U.S. intelligence community has experienced, by identifying perpetrators so they can be caught quickly and punished. It continues to surprise me that solutions such as these either aren’t in place or have not been implemented properly, even after the Snowden breach.

I agree with Julian Assange that this latest breach showcases a level of incompetence that should be unacceptable in a small private company — let alone one of the most powerful and storied intelligence organizations in the world.

Trump Channeling Jobs

Here is where Trump needs to channel Steve Jobs. When a leak like this occurs, the career bureaucrats responsible for protecting the breached data should be terminated for cause. This would convey the seriousness of the problem. Clearly, if and when the perpetrator is located, that person has to be brought to justice definitively, so that the personal risks surrounding leaking exceed the benefit of leaking.

The government should implement an access-tracking tool like Varonis, and make sure the implementation is comprehensive so that in addition to document access, system access would be tracked, so that any related types of security breaches also would be caught.

Finally, the administration seriously needs to consider a WWII level of organizational attitude readjustment, so that employees recognize they are putting their nation at risk and help to ensure that other employees report any questionable things they observe in a timely way.

Wrapping Up: Taking Security Seriously

I do think there is one other aspect of this that should be addressed, and that is that there really needs to be a better way for employees of the intelligence community to report illegal activities other than leaking them. Much of this looks like an employee saw management do something wrong, and in a fit of conscience — and with no other recourse — leaked it to stop the activity.

I mean if the CIA is planning to take over and crash cars, then at the very least, I’d like that exploit reported and fixed so that they don’t accidentally kill me in the process, or enable someone else to do it on purpose.

In short, I think the Intelligence Community should reprioritize its goal to keep citizens safe and its goal to attack others, putting the “keep us safe” part first again. Or, put more bluntly, if they know of an exploit that puts me at risk, then I’d like them to help fix it rather than keep it secret so they can kill someone else. (By the way this leaking thing doesn’t appear to be stopping the illegal activity at all — something the leakers should reflect on.)

Given that the hacking techniques leaked likely could be used against a sitting president, who is by far a larger target than I am, fixing that priority should be compelling for President Trump. In the end, I think Trump could learn a lot from how Jobs secured Apple, and it would make all of us a lot safer if he did.

One other quote President Trump might want to consider from Jobs: “If you want to make Apple great again, let’s get going. If not, get the hell out.”

Rob Enderle's Product of the Week

I was at the Nvidia Jetson TX2 launch last week and up to my armpits in security technology, autonomous drones, and what looked like a 3D scanning Ray Gun.

However, I saw one thing I had to buy, and it was the new Teal drone, due to ship during the summer.

Teal Drone

At nearly US$1,300 it is not a cheap date. Given how successful DJI is in this space, you have to ask yourself why anyone would want an expensive drone with no camera gimbal in the first place. The answer is this puppy is fast.

It goes from 0-60 in 1.2 seconds and has a top speed of 85 mph. The lack of a gimbal means you can fly this with a headset on and actually feel like you are flying. That said, if you hit something at 85 mph it will be expensive, which is where the Jetson TX2 comes in.

Effectively, when turned on, it gives you a capability similar to the guardian angel for self-driving cars. It provides a bubble of safety around the drone, helping to prevent that spectacular crash that could kill your drone and end your flying days for some time.

This thing is amazing. At top speed, it sounds like a howling banshee (which is what I would have named it had it been up to me).

It defaults to your phone as a controller, but it also will use a range of professional controllers if you prefer, and it will broadcast the video to several wireless headsets for that flying experience.

It is modular in design, so that if you break an arm or blade you can replace it. The body is a single streamlined piece without the breakable parts a typical drone in this class has.

Because it uses an AI engine, things like being able to tell the person it is following is you, along with more advanced features — like following complex flight plans while avoiding obstacles — are possible. The Teal is one kick-ass drone. Yes, I ordered one, and it is my product of the week.

Linux Academy Rolls Out New Cloud-Based Training Platform

Linux Academy, an online training platform for the Linux OS and cloud computing, on Tuesday announced a public beta rollout of its Cloud Assessments platform, which is designed to let large enterprise firms train and assess their IT workers and prospective job candidates.

The academy offers training on a variety of cloud-based platforms, including Amazon Web Services, OpenStack, DevOps, Azure and others.

The Cloud Assessments platform will focus initially on training and testing of AWS, due to the strong demand for that cloud-based computing platform and the large skills gap of existing knowledge among IT workers.

“Since AWS is a leader in the market, companies and individuals are rushing to ensure they can handle these technologies,” said Linux Academy CEO Anthony James.

AWS Demand

The academy’s current focus is preparation and validation for the AWS Certified Solutions Architect Associate level exam, James told LinuxInsider. However, there are other in-demand areas that it is beginning to explore.

Hands-on learning has been very important to professionals who have taken these courses, James said. “We came to understand that not only do people want to learn, but they also want to validate their skills in a way that our industry would recognize.”

Another critical aspect of the Academy’s approach is what it calls “lean learning,” which involves recommending specific training based on a user’s specific performance, he continued. The new training efforts target specific areas that need improvement.

The Cloud Assessments platform offers a different approach to teaching IT professionals by using live servers in existing work environments. Workers actually learn skills they can use on the job in real time. They’re not limited to responding to questions in a test environment.

Individuals also can use Cloud Assessments to earn micro-certifications for AWS skills.

Linux Academy and Cybrary last month conducted a survey of 6,000 IT professionals, and 35 percent said that micro-certifications would help them get a job or advance in an existing position.

In addition, 85 percent said they would pursue micro-certifications if their employers helped facilitate the training.

Skills Gap

“The launch of this program is another indication of the accelerating adoption of cloud services,” noted Jeffrey Kaplan, managing director of ThinkStrategies, “and there is no question that initial focus on AWS specialists is because of its dominant position in the market at this time.”

As the demand for multi-cloud services increases, the academy’s program likely will broaden to include training courses for additional cloud platforms, he told LinuxInsider.

Certification programs directly from AWS are exam-based, said Paul Teich, principal analyst at Tirias Research.

However, Linux Academy has created a more practical “live assessment” environment in which users are graded on actually using AWS rather than just answering questions correctly, he told LinuxInsider.

“Cloud services really don’t care about certification, but enterprise does,” Teich pointed out. “Enterprise needs these certifications to start implementing hybrid cloud business models. Upleveling certification to demonstrate practical experience should play well with enterprise IT shops.”

Amazon Web Services last year announced an effort to enhance its AWS Educate program to offer additional modules, called “cloud career pathways,” to help educate students about cloud-based skills, as well as connect them with specific cloud-based jobs offered by various employers, including AWS, Salesforce, Cloudnexa and Splunk.

Gadget Ogling: Note-Taker Triumphs, Classic Nokia Returns, and Audio Thrills

Welcome to Gadget Dreams and Nightmares, the column that sometimes takes a break from figuring out why people are investing in an ephemeral content company losing half a billion dollars a year and suffering slowing user growth to pore over the latest gadget announcements.

This time around, we take a look at an automated transcription device, the return of a classic cellphone, and Bang and Olufsen’s latest wireless speaker.

As ever, these are not reviews — a difficult prospect when I’ve yet to see any of these items in person, let alone rigorously test them. The ratings relate only to how much I’d like to use each with my somehow-still-frigid-in-March fingers.

Transcription Tedium Killer

As someone who deals with words for a living, there are countless occasions on which I have to transcribe speech. It’s tedious, and until voice recognition truly can handle all manner of accents and verbal tics, it’s a necessary evil. Hands up, everyone who thinks I wouldn’t want a machine to take care of that for me. No one? Good.

Titan Note records and transcribes audio, with a particular trick up its sleeve: It can discern different speakers when it’s transcribing. It can operate as a speaker as well — and if you’re in a pinch, it can charge your mobile device.

That sounds great. It’s hard to tell how successful the Titan Note will prove in practice, given that even the most intelligent AI tools, like Siri and Google’s Assistant, struggle to transcribe accurately.

Yet if it can do the bulk of my transcription work, letting me drop in at the end to clean up any mistakes, I can’t see any reason why I wouldn’t want this in my toolbag.

Rating: 5 out of 5 Eye Think It Will Be Fairly Accurates

Fine Finnish

Nokia’s classic 3310 mobile phone is back with a twist. The hugely successful phone made its bow in 2000, selling more than 126 million units.

Nokia discontinued the sturdy handset in 2005, but 12 years later, HMD Global has revived the 3310 under the Nokia banner as a feature phone for a new generation.

The modern incarnation, which uses the Nokia S30+ operating system, includes an FM radio, a basic Web browser and a voice recorder. Though the 3310 carries only 16 MB of onboard storage, that’s expandable up to 32 GB with a microSD card. You’ll need that for the 2-MP rear camera, which can capture video.

You won’t have to worry about shelling out for ringtones or composing them yourself: This version can play MP3 ringtones.

Most importantly, the 3310 includes a version of Snake, the game that’s synonymous with the original phone. An infuriatingly simple game to play, I’d wager Snake was a key harbinger for the success of mobile gaming in its current state.

The most attractive aspect of the 3310 for your humble, clumsy columnist is the hope it’ll prove as rigid as the original device. I recently dropped my iPhone 6 one time too many, and I am forced either to overspend on a repair or tough it out with a spider-web screen until renewal time.

At 49 euros, the 3310 could prove a useful backup until then. Also, I could play Snake with physical buttons on a mobile device again, which would be nice.

Sadly, the 3310 apparently works only on 2.5G GSM networks, meaning it’s impossible to use in many territories, including the U.S. and Canada.

It taps into the wave of nostalgia in the zeitgeist right now, with many yearning for glories gone by. If Stranger Things and the board game resurgence can do it for entertainment, why not the 3310 for technology?

Rating: 4 out of 5 Boxed Myself in Corners

Bang For Your Buck?

Good heavens, this is a pretty wireless speaker.

Bang & Olufsen’s Beolit 17 offers 240 watts of power, a boost from the Beolit 15 from two years ago. The leather carrying strap should make it a cinch to transport the Beolit 17, which has an aluminum speaker grill and a polymer material on the top and bottom for protection.

The top of the device has a non-slip tray that’s designed to house your phone while you’re streaming music without having to worry that you’ll scratch any surface. Critically, the Beolit apparently offers 24 hours of battery life.

There’s a connection button that links to one of four modes in the Beoplay app: Alarm with snooze; Connect, which continues music from when you stopped; Remote; and ToneTouch, which employs your preferred audio preset.

I’m not completely sure that I’m willing to spend US$499 on something I don’t absolutely need in my life right now. Still, I keep looking at the images, knowing the audio quality is bound to be at least good, and I yearn.

Rating: 4 out of 5 Mournful Melodies

Facebook Gets Tough on Spy Apps

Facebook on Monday moved to prevent spy applications from accessing its users’ data.

The company has updated its Facebook and Instagram policies to prohibit developers from using data obtained from those platforms in surveillance tools, according to Rob Sherman, deputy chief privacy officer at Facebook.

Facebook already has taken enforcement actions against devs who created and marketed surveillance tools in violation of the company’s previous policy, he noted, adding that “we want to be sure everyone understands the underlying policy and how to comply.”

Facebook has been under pressure to beef up its rules governing surveillance apps since last fall, when the American Civil Liberties Union released a report exposing how Geofeedia was using Facebook, Instagram and Twitter data to track protesters in Baltimore and Ferguson, Missouri.

Marketing materials for surveillance companies urged police to monitor hashtags associated with Black Lives Matter, and labeled unions and activist groups as “overt threats,” the ACLU also reported.

“We depend on social networks to connect and communicate about the most important issues in our lives and the core political and social issues in our country,” said Nicole Ozer, technology and civil liberties director at the ACLU of California.

“Now more than ever, we expect companies to slam shut any surveillance side doors and make sure nobody can use their platforms to target people of color and activists,” she added.

Data Sellers Chill Dissent

The ACLU is part of a coalition that includes the Center for Media Justice and the Color of Change. The group aims to persuade social media companies to establish robust systems to make sure the rules prohibiting surveillance are followed.

“When technology companies allow their platforms and devices to be used to conduct mass surveillance of activists and other targeted communities, it chills democratic dissent and gives authoritarianism a license to thrive,” said Malkia Cyril, executive director of the Center for Media Justice.

“Social media platforms are a powerful tool for black people to draw attention to the injustices our community faces,” remarked Brandi Collins, campaign director for Color of Change.

“We commend Facebook and Instagram for this step,” she continued, “and call on all companies who claim to value diversity and justice to also stand up and do what’s needed to limit invasive social media surveillance from being used to target black and brown people in low-income communities.”

All Facebook users will benefit from the crackdown on surveillance apps, said Andrew Sudbury, CTO of Abine.

“This should improve user privacy, as there shouldn’t be any commercial companies reselling access to them and their data to law enforcement for tracking and intelligence gathering purposes,” he told TechNewsWorld.

Mixed Bag for Cops

For law enforcement agencies using information from developers of surveillance apps, Facebook’s policy will be a mixed bag.

“There’s nothing to stop law enforcement from looking at a suspect’s Facebook feed, but it will stop these intermediary-type companies like Geofeedia from getting automated feeds of information,” said Timothy Toohey, an attorney with Greenberg Glusker Fields Claman & Machtinger.

Enforcement still could be a problem for Facebook, though.

“There may be other companies that have ways to scrape this information from Facebook without developer access,” Toohey told TechNewsWorld.

Facebook’s ability and willingness to police its antisurveillance policy will be key to its success.

“A company could simply do its surveillance anyway,” Abine’s Sudbury noted. “Then it would fall on Facebook to carefully monitor what and how developers access data, looking for clues as to the purposes of the data.”

Controversies over what’s done with Facebook’s data are unavoidable, Toohey maintained.

“The data is incredibly valuable. It’s valuable to law enforcement. It’s valuable to private enterprises,” he said. “Facebook wants to monetize that, which puts them in very difficult positions balancing their commercial interests with other interests.”