Feeds:
Posts
Comments

Earlier this month, the wife and I went to Taiwan to visit her parents, as you can read elsewhere on this blog. Well, the Wednesday after we got back, I had to stay home from work because I was sick.

I don’t take sick days very often, but this time I had to.

For you see, I don’t sleep very well on planes, if at all. I didn’t really sleep on the flight home, and then that night I only slept about four hours (Sunday night). Similarly, Monday night and Tuesday night I only slept about four hours.

But I didn’t feel tired the next day. In fact, I felt pretty good! I wasn’t groggy nor did I fall asleep early in the evening.

But the Wednesday things changed. All the lack of sleep hit me all at once. I got up in the morning and felt like I had the flu. I couldn’t eat breakfast. My head was pounding. I was nauseous. My back hurt. I made the decision to call in sick.

I went back to bed where I slept on and off. It was tough because my back muscles were so sore I couldn’t really get comfortable. My head was pounding. And I didn’t want to eat.

I stayed in bed until about 3 pm when I forced myself to get up and go to the store to pick up some Gatorade on the theory that I was severely dehydrated and that was why I felt so bad. I came home and drank a bottle of it and went back to bed around 5 pm where I remained until the wife returned.

The next day I felt a lot better.

But it was weird, I had never felt that bad after returning from overseas. Normally I feel tired in the evening but not this time. It was like my body stored up all the lousiness I wasn’t feeling and them slammed it into me all at once, telling me to rest.

I did.

But it wasn’t fun.

My cat Ruby has a routine in the evening.

Usually when I get home I walk into the house and she comes downstairs and greets me. She does this by saying “Meow!” several times, over and over. I then go to the fridge and give her some tuna (which she used to love until Whole Foods changed the brand; now she merely likes it).

I make something to eat, wash dishes after and then clean up her litter box. I then go to the couch where I rest my brain by watching videos on the Internet or reading things. Sometimes I do some extra work.

However, Ruby also likes to sleep on me. She’ll wander around for a bit and then sometime between 7:30 pm and 8:30 pm, if I’m on the couch doing nothing, she will jump on the couch and then sleep on me. This is pretty consistent, she does it every day.

She’ll at first be hyper sometimes and try to bite me but after a while she dozes off and I can harass her a little bit. She doesn’t mind, though, she likes to nap. She either lays down by me or right on me.

When she wakes up, she doesn’t jump off me completely. Instead, she goes to the edge of the couch and waits for the wife to get home (playing both sides, she stays near me but is ready to go to the door when the wife arrives). Her timing isn’t bad. About 50% of the time she starts to get ready within 20 minutes of the wife’s arrival.

When her routine is broken, the part about napping on me, she tries to make it up. This is normal on weekends late at night where the cat will walk into our bedroom, jump on the bed, ignore the wife and lay by me. Sometimes she will jump up on my side of the bed, other times she will go around so she can walk over the wife and come to me just to make sure the wife notices.

Believe me, the wife does.

WP_20140325_002

Ever since I cut back on my consumption of meat starting August 2013, I have dropped 7 lbs. My weight is now pretty consistently around a certain marker and it isn’t going down beyond that. While I also now walk 5+ miles per day, it was the change in diet that has produced the most effects.

The one on the left is me from June 2013 (I don’t have many pictures of me where I’m not wearing a hat) and the other is me from March 2014. This blog distorts the picture and stretches it down so my face looks skinnier than it actually is in real life but you can tell that my cheeks look thinner now than they used to.

So yes, I guess I do look a little different.

image

As I mentioned in my previous post, I recently went to Taiwan with my wife to visit her parents and extended family. And as I said in my previous post, I was really underwhelmed by the promise of “life in the cloud”.

However, there is one big advantage – when I take pictures with my phone, it syncs it to my OneDrive (formerly SkyDrive) automatically; that is, whenever there is an internet connection nearby. My phone does not take pictures as good as a digital camera but I really like that it syncs without me having to transfer from the digital card.

So, here are 10 of pictures from Taiwan from my phone:

1. Me outside Din Tai Fung, one of the best dumpling places in the world. I’ve been to the one in Seattle (Bellevue) and now I can say I’ve been to the one in Taipei. If M3AAWG ever has a session in Taipei, someone should sponsor a night-out here!

image

2. The fruit in Asia is better than anything in North America. This is Shakya and it is amazing!

image

3. In Taitung on the southeast corner of Taiwan is a Museum of Prehistory. It is one of the best natural history museums I have been to. They used to have elephants in Taiwan, something I never knew!

image

4. One of the computers I saw running Windows XP with Internet Explorer 6.

image

5. One of the theories about the origins of the people populating Austronesia – the islands stretching as far west as Madagascar and as far east as Easter Island, but excluding New Guinea and Australia – is that they originally descended from Taiwan. This large head is not native to Taiwan but instead pays tribute to the Easter Islanders who may be descendants of the Taiwanese.

image

6. Did you ever wonder how they grow rice? Below is a rice field. They’re all like this – slightly flooded.

image

7. The Pacific coast of Taiwan.

image

8. A busy street in Taichung on the west side of the island.

image

9. Checking out some of the street markets in Taichung.

image

10. Finally, can anyone translate what this says? The app on my phone says it means “F**k capitalism.” Is that true?

image

That’s all for now, thanks for viewing.

You can call me cynical but the latest digital revolution – putting your life in the cloud where you interact with it using devices – seems overrated to me.

You know what I mean; if you’re a member of the tech industry, the latest major trend is cloud computing. This is where all of your data is stored in various companies’ cloud computing database and you interact with it through devices like tablets, smart phones and PCs (laptops/desktops, not necessarily Microsoft OS’es). I am exaggerating, but the hype surrounding it makes it sound like this is going to be greatest thing in the history of the computer! Get ready for it! It’s going to be amazing!

image

I’m not going into a lot of detail here, but you’re smart readers. You know what I mean. I’ve saving time to get to my real point.

All this talk about life in the cloud… I have real doubts that it in real life it will live up to its greatness.

Why do I say this?

Last week, my wife and I visited her family in Taiwan. She lives here in the US and speaks English but speaks Taiwanese with her parents who can also speak English. They speak English with me, but Taiwanese with each other. Last fall, they retired and moved back to Taiwan where it is cheaper (outside of Taipei where the housing costs are worse than most of the US).

I’ve tried learning a little Taiwanese but it is very difficult. I was also learning Mandarin for a few weeks before I left (also difficult). The problem is:

  1. Unless you spend a lot of time in the country where it is the native language, you will never pick it up well enough to converse.

    They say that for English speakers, Chinese, Japanese and Korean are the hardest languages to learn and it could take around two years.

    image

  2. There are not a lot of resources to learn it.

    This is important: Taiwanese != Mandarin. They are not the same language and they are not mutually intelligible. Even though Mandarin is the official language of Taiwan, most of the population also speaks Taiwanese. There are a lot of resources (books, learning apps on my tablets, translation sites) available for Mandarin, but not for Taiwanese. The population of Taiwanese speakers is perhaps 20 million which is why there isn’t that much.

  3. Mainland China’s writing system is Simplified Chinese which is what I was learning (I was also trying to learn Mandarin). By contrast, Taiwan uses Traditional Chinese.

    In the 1950’s, mainland China converted Traditional Chinese to Simplified Chinese in order to make it easier for the population to learn. However, Taiwan did not. While some characters are the same, many are different. Thus much of the time I spent learning Simplified Chinese did not help that much in Taiwan.


My wife, in-laws and other members of her extended family were nice enough to speak English to me, but with each other they spoke Taiwanese.

They say that communication is 7% verbal and 93% non-verbal (part body language and part tone-of-voice). Well, let me tell you, that’s completely false. I am good at observing body language and when my relatives were talking to each other I absolutely did not understand 93% of what was going on.

Perhaps if you are observing others this quote is true, but once you are part of the conversation and seated at the table, that 7% verbal communication is the most important part by far! I could follow basically nothing of what was being said. Sure, I can tell the emotions of what’s going on – sometimes funny, sometimes concern, sometimes curiosity. But that’s a far cry from taking part in a conversation. I know that most of the chatting is about regular family things – who’s working where, who’s neglecting what, who’s being irresponsible (you know, gossip – the thing we all do yet all say we revile), but I was not apart of what was being discussed. I could only sit and watch.

Out on the streets, I could tell what things were:

  • I could tell what food stores were
  • I could tell the street signs
  • I understood the food vendors

But in terms of advertisements and exact messages, I could read almost nothing. All of the symbols in Mandarin I knew already didn’t show up often except for water, 水 (that sign was everywhere and I never figured out why); fish, 魚; beef, 牛; meat, 肉; man, 男; woman, 女; and good, 好. But this amounted to 1% of all the symbols I saw. Imagine reading this blog post and understanding only 1% of all the words.

image

And therein lies my disconnect.

I expected to be able to understand very little conversation or read very little. Yet I had this vague hope in my mind that technology would help me. Why did I think this? Because somehow I had the idea that life in the cloud changed everything! Why would I think that? It’s not a conscious decision, it’s something I had to have picked up somewhere and it must be from advertising and the reinforced message of having lived and worked in tech for 10 years.

Yet technology was basically useless.

For one thing, my phone’s data plan works in the United States only. If I try to use data overseas, I get charged a ridiculous amount. Can I afford it? Yes. Will I pay for it? NO!

For you see, even though it’s not logical, I am psychologically averse to going through the trouble of getting additional communication devices (phones) for something I use so infrequently (going overseas). I know there are ways around this, but there are deep seated cognitive “defects” in my brain for loss-aversion that prevent me from doing it or trying to work around it.

It seems that technology’s “Life in the cloud is great” belief assumes you have Internet connectivity everywhere. Well, I don’t. And if you don’t, then what?

Secondly, even if you have a translation app like I did on my phone that works offline, it isn’t very good for east-Asian languages. Using the translator app on my phone it has Norwegian, Russian, Swedish, Dutch, Portuguese, Spanish, French, Italian, German and Simplified Chinese available for download. As I explained above, Simplified Chinese != Traditional Chinese. I tried using it anyways and the result was worthless. There wasn’t a single instance of me pointing my phone at a line of text and having it translate something intelligible back to me. It was all a bunch of gobble-de-gook.

Every. Single. Time.

image

There was a time when I thought that the major languages like the ones that are available for offline download were the most important ones. I still think that, but the smaller languages are also still very important for two reasons:

  1. Communication – not everybody can speak the major languages.

  2. Cultural preservation – I don’t think it’s a good thing to be losing smaller languages. Cultures are important, language is one of those things that preserves it and losing them loses a cultural identity. I don’t think that people moving to the main languages of a couple dozen worldwide is a good thing.

Basically, if I want to learn a foreign language and culture, then I need to learn the language and culture. I can take a class, buy some books, learn on the web, buy software like Rosetta Stone, download some apps, and converse with native speakers. There’s really no way around it (short of having a translator). In other words, I need to do this the old fashioned way.

But here’s the point – I don’t need my life in the cloud for that. Sure, the cloud helps. I downloaded a bunch of apps onto my iPad from the Cloud. There are ways to use Skype to help practice with native speakers. I can browse Amazon book reviews to see which ones are the best ones for learning languages.

But all of that stuff existed before the “life in the cloud revolution” took place. And now that it’s being sold as the next big thing, I didn’t find that it helped me in my real life for something new. This causes me a lot of cognitive dissonance and personal conflict because I work in an industry that is trying to get everyone to move to the Cloud, and I am paid to sell that vision.

I guess that’s the disconnect I’m having a hard time articulating. It’s true that maybe I’m probably doing things wrong. Sometimes I feel like I’m too dumb to use technology the most efficient way possible.

I wonder if anyone else feels the same way?

This will be another long post.

A couple of weeks ago, you may have read that the Syrian Electronic Army hacked into Forbes and posted a bunch of usernames and passwords. What you may not know is that Forbes has been fairly transparent in describing how it happened and how they plan to mitigate going forward. This is contained in a series of articles they posted on their website.

To make a long story short – they were phished.

image

From: How the Syrian Electronic Army Hacked Us: A Detailed Timeline of Events, all highlights are mine:

Early Thursday morning, a Forbes senior executive was woken up by a call from her assistant, saying that she’d be working from home due to a forecast predicting the snowiest day of the year. When she ended the call, the executive saw on her Blackberry that she had just received a bluntly worded email that seemed to have been sent by a reporter at Vice Media, asking her to comment on a Reuters story linked in the message.

Any other time, she says she would have waited to read the linked story later at the Forbes office. But with the sale of the 96-year-old media company pending, she was on the alert for news. Groggily stepping out of bed, she grabbed her iPad, opened the email in her Forbes webmail page through a shortcut on the device’s homepage and tapped the emailed link.

In her half-asleep state, she was prompted for her webmail credentials and entered them, thinking her access to the page had timed out. When the link led to a broken url on Reuters’ website, she got dressed and began her snowy commute from Brooklyn to Manhattan without a second thought. “It was so insidious,” she says. “I didn’t know I had been hacked for another two hours.”

In fact, the phishing email had set in motion a two-day cat-and-mouse game with Syrian Electronic Army (SEA) hackers who would deface the Forbes website and backend publishing platform, attempt to post market-moving news, steal a million registered users’ credentials, and briefly offer them for sale before leaking the data online.

This is an effective strategy and it was part of a two pronged attack. Someone from Forbes got an email that is somewhat related to what they do, and they may have even received a link like this:

Hey, what do you think about this? Is it true?
http://www.article-to-some-important-new-site.com/article/cgi?=randomstuff

If you hover your mouse (if reading this on a laptop or desktop) you will see that the displayed http link is not the same as where the link actually takes you.

The linked page asks the user to enter their credentials. Being prompted to enter your credentials at work is so common that many people don’t think twice about it. This person was doing their job and so far everything more-or-less fits with their general work flow. It’s not exactly congruent, but close enough.

Once inside, the hackers used another effective tactic – they moved laterally. They sent spam from the compromised account to other users in an attempt to gain access to important data. While the spam filter didn’t work the first time because it came from the outside, it definitely wouldn’t work when sent from the inside because most environments assume that the inside is secure. People inherently know that it isn’t, but it’s close enough.

Until it isn’t.

In an interview with the attackers, Forbes posted a follow up article by Kashmir Hill about why they attacked Forbes. According to a representative not involved in the attacks but close to those who were:

He says that Forbes editorial content on Syria made it a target, pointing to recent articles about a hacker who claimed to find porn on Syrian secret police’s computers and an article decrying the SEA’s hack of the Marines’ website. “This is pure propaganda,” he said. “This is a message, we will not tolerate lies.”

In other words, this was an episode of hacktivism and resembles that 2007 DDOS attacks on the government of Estonia by Russian youth angered by the Estonian government taking down a Russian World War II memorial.

I want to make three points about this incident:

  1. This was a well-executed social engineering attack.

    image

    When I say “well-executed”, what I mean is that all the pieces of the puzzle were done with minimal suspicion.

    - The web page where the user entered their credentials looked like a valid login page
    - The phishing email didn’t contain suspicious language (i.e., grammatically correct)
    - The phishing email was relevant to the target
    - The landing page was hosted on a compromised server
    - The phishing email was sent from a compromised server that had not previously sent high volumes of abusive content

    In other words, there was great deal of care taken by the attacker to disguise their tracks, and it would be difficult for the average consumer of email to detect this without a high level of vigilance (i.e., working in the security industry, receive lots of education, etc.)

  2. People in the security industry are very smug about their own non-susceptibility to fall for scams relative to others, but shouldn’t be

    image

    This is the point that prompted me to write this post. Forbes is not the first company to have something like this happen to them. People are targeted all the time. Yet there are people in the security industry – people I have personally talked to – who say that the people who clicked the link and entered their credentials are “idiots.” When I challenged them on this point, they dug in their heels and reiterated “Nope, they’re idiots.”

    The idea is that only an “idiot” would fall for something so obvious and do something so careless like entering their credentials on a web page that looks like their regular corporate login page.

    This strongly irritates me because the average consumer is not overly security aware but they do have a basic awareness. People know about bad passwords and poor security habits, they just don’t always follow them. In the Forbes case, the user was aware but made a poor judgment. The problem is that the average consumer does not have computer security awareness drilled into them over and over again to internalize these behaviors.

    What irritates me is that while we in the security industry complain about consumers’ poor security habits despite a lack of education, but what does it say about us when we ourselves have poor health habits? For example:

    * We all know too much sugar is bad for us. It makes us gain weight and is bad for our teeth. This is reinforced almost every day. How many of us eat too much sugar? And junk food in general?

    * We all know that an inactive lifestyle is very bad for us. Yet how many take steps to ensure we get our 10,000 walking steps per day? Or try to alleviate sitting for 6-8 hours per day like the typical office worker?

    * We all know that staring at computer screens is bad for our posture, our muscles, and our eyes. Yet we do it anyway in spite of health advice that tells us not to.

    * We all know that we consume too much energy in the first world. Yet how many of us make sacrifices to reduce our energy consumption without prompting from anyone?

    In other words, the average consumer makes mistakes in a very narrow set of circumstances. Yet the same people who call consumers “idiots” for making a bad choice in spite of their lack of knowledge make bad choices every single day in their own lives in spite of an abundance of knowledge.

    And that bothers me because it is a double-standard and we should know better.

  3. Criticizing others for falling for scams makes a Fundamental Attribution Error – not accounting for the situation

    From Wikipedia:

    ”The fundamental attribution error is people’s tendency to place an undue emphasis on internal characteristics to explain someone else’s behavior in a given situation, rather than considering external factors.

    For example, consider a situation where Alice, a driver, is about to pass through an intersection. Her light turns green and she begins to accelerate, but another car drives through the red light and crosses in front of her. The fundamental attribution error may lead her to think that the driver of the other car was an unskilled or reckless driver. This will be an error if the other driver had a good reason for running the light, such as rushing a patient to the hospital. If this is the case and Alice had been driving the other car, she would have understood that the situation called for speed at the cost of safety, but when seeing it from the outside she was inclined to believe that the behavior of the other driver reflected their fundamental nature (having poor driving skills or a reckless attitude).”

    image

    Thus, from my point #1, this was a well-executed phishing attack. Saying other people are “idiots” fails to consider the circumstances in which this person clicked the link:

    - She was an editor who is asked to comment on articles like this regularly
    - She got an article and was asked to comment
    - She has to login to pages regularly
    - She doesn’t normally see spam in her inbox
    - She is used to obvious spam like “Get your free Viagra” or something similar

    Security professionals have what I call an “empathy gap” where they are unable to see the situation from the average user’s perspective. It is obvious to us but it is not obvious to others.

    However, in my own life, there are many things that are not obvious to me:

    - I don’t know exactly how my furnace heater works (I paid a professional $800 to fix it this morning)
    - I don’t know exactly how the plumbing in my house works
    - I don’t understand the medical billing system or what many of the words mean when a doctor explains to me what is wrong with me
    - I don’t fully understand exactly how all the parts of my car work together

    When I look at myself, I am an expert in almost nothing in life. Because of this, I need to empathize with the average computer user who has as little expertise as I do in almost everything as they do in my field. Were they really careless? Or am I misjudging them due to cognitive bias?

 

Anyhow, those are my thoughts on consumers getting hacked. I’m not picking on Forbes because it could happen to anyone. According to some sources, it has happened to every organization in the Fortune 500.

Tonight, the wife and I are headed out of town to visit her parents.

Last night, the heater furnace died.

This is a very inconvenient time for the heater to go down. It’s still winter and while we would turn down the heat while we are gone, we don’t want to have zero heat. That could cause some damage.

I don’t know what damage, exactly. But it’s a matter of risk tolerance. Because I don’t know, if something really bad happens in the week while we are gone and not around to keep tabs on everything, it will be a lot of money to fix. By contrast, fixing it now may be expensive but prevents future damage of unknown costs.

$800 later, the furnace is fixed.

Follow

Get every new post delivered to your Inbox.