The Daily Parker

Politics, Weather, Photography, and the Dog

A Harlequin hacker romance?

Via Bruce Schneier, this is literally* a thing:

The book opens with Massimo working in his combination laboratory and server farm; we know it's ironclad because of the required thumbprint and biometrics scan, but we also know it's classy because it's in an old wine cellar beneath his family villa outside Milan. Plus, he has three screens, so you know he's a serious cybersecurity hacker man.

Nat is a 20-something who lives a poverty-driven boho life. Massimo—who is Mr. Cyber—is, in her eyes, a "sleek, lean, sex-on-legs stud" who looks nothing like the stereotypical tech billionaire. And the chemistry between them ignites as he drags her back to his server room and tells her to do some... penetration testing.

She demurs.

Six chapters in. I am convinced that this book was written by a Harlequin Markov bot.

I may not add this to my book list just now. But at least I know it's out there...

*Yah, sorry. That's "literally" twice.

Specializing vs Generalizing

The US Navy's latest ship class, the triple-hulled Littoral Combat vessels, have small crews chosen for their adaptability. This has given the Navy insight into how people learn:

The ship’s most futuristic aspect, though, is its crew. The LCS was the first class of Navy ship that, because of technological change and the high cost of personnel, turned away from specialists in favor of “hybrid sailors” who have the ability to acquire skills rapidly. It was designed to operate with a mere 40 souls on board—one-fifth the number aboard comparably sized “legacy” ships and a far cry from the 350 aboard a World War II destroyer. The small size of the crew means that each sailor must be like the ship itself: a jack of many trades and not, as 240 years of tradition have prescribed, a master of just one.

Minimal manning—and with it, the replacement of specialized workers with problem-solving generalists—isn’t a particularly nautical concept. Indeed, it will sound familiar to anyone in an organization who’s been asked to “do more with less”—which, these days, seems to be just about everyone. Ten years from now, the Deloitte consultant Erica Volini projects, 70 to 90 percent of workers will be in so-called hybrid jobs or superjobs—that is, positions combining tasks once performed by people in two or more traditional roles. Visit SkyWest Airlines’ careers site, and you’ll see that the company is looking for “cross utilized agents” capable of ticketing, marshaling and servicing aircraft, and handling luggage. At the online shoe company Zappos, which famously did away with job titles a few years back, employees are encouraged to take on multiple roles by joining “circles” that tackle different responsibilities. If you ask Laszlo Bock, Google’s former culture chief and now the head of the HR start-up Humu, what he looks for in a new hire, he’ll tell you “mental agility.” “What companies are looking for,” says Mary Jo King, the president of the National Résumé Writers’ Association, “is someone who can be all, do all, and pivot on a dime to solve any problem.”

The Navy knew early on that not just anyone could handle this kind of multitasking. By the early 2000s, the Office of Naval Research was commissioning studies on how to select and prepare a crew for the new ships. One of the academics brought in was Zachary Hambrick, a psychology professor at Michigan State University. Instead of trying to understand how well naval candidates might master fixed skills, Hambrick began to examine how they performed in what are known as fluid-task environments. “We wanted to identify characteristics of people who could flexibly shift,” he told me. To that end, in 2010 he administered a test to sailors at Naval Station Great Lakes—and when I traveled to Michigan State to find out more about his work, he invited me to give it a try.

It turns out, experience and openness to new experience have good and bad points. Distractability correlates positively with noticing important new information and negatively with showing up to work on time, for example. Spending 10,000 hours hitting a baseball makes sense if you want to make it in the MLB. Spending 10,000 hours studying sorting algorithms does not (at least to a professional software developer).

A timeless hoax by a government agency

NPR and other outlets reported earlier this week that the far-north Norwegian island of Sommaroy planned to abolish timekeeping:

If the 350 residents of Sommaroy get their way, the clocks will stop ticking and the alarms will cease their noise. A campaign to do away with timekeeping on the island has gained momentum as Norway's parliament considers the island's petition.

Kjell Ove Hveding spearheaded the No Time campaign and presented his petition to a member of parliament on June 13. During the endless summer days, islanders meet up at all hours and the conventions of time are meaningless, Hveding says.

Only, a subsequent press release admitted the whole thing was a marketing campaign:

NRK.no revealed today that the initiative to make Sommarøy a time-free zone was in fact a carefully planned marketing campaign, hatched by the government-owned Innovation Norway.

The story has been covered in more than 1650 articles in 1479 different media, including CNN, The Guardian, The New York Times, The Independent, Time, El País, La Repubblica, Vanity Fair and Der Spiegel, potentially reaching 1.2 billion people. The value of the coverage is estimated to 11.4 million USD - a pretty good return on investment for Innovation Norway, which spent less than 60,000 USD on the campaign.

Paul Koning, one of the moderators of the IANA Time Zone group--the group that maintains the Time Zone Database used in millions of computers, phones, and applications worldwide, including The Daily Parker--was not pleased:

That's very disturbing. It's problematic enough that not all governments give timely notice about time zone rule changes.

But if in addition we have to deal with government agencies supplying deliberately false information, the TZ work becomes that much more difficult.

Difficult indeed. The group has to deal with dictators changing time zones with almost no notice, political groups attacking the spellings of time zone identifiers, and all sorts of hassles. For a government agency to do this on purpose is not cool.

Significant website update

Today I released a new version of the Inner Drive Technology brochure/demo site. The release includes:

Now that I've got that out of the way, I'm going to start working on the next full version of the site, using (probably) a commercially-available design. The Inner Drive website last got refreshed visually sometime in 2011, or possibly earlier, so it's due.

The last update was 497 days ago, on 9 February 2018. Updating the IDEA took most of the intervening months. (That, and everything else in my life.)

Rethinking the surveillance society

Via Bruce Schneier, San Francisco-based "computer guy" Maciej Cegłowski put up a cogent, clear blog post last week showing how we might better regulate privacy:

Until recently, ambient privacy was a simple fact of life. Recording something for posterity required making special arrangements, and most of our shared experience of the past was filtered through the attenuating haze of human memory. Even police states like East Germany, where one in seven citizens was an informer, were not able to keep tabs on their entire population. Today computers have given us that power. Authoritarian states like China and Saudi Arabia are using this newfound capacity as a tool of social control. Here in the United States, we’re using it to show ads. But the infrastructure of total surveillance is everywhere the same, and everywhere being deployed at scale.

Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.

All of this leads me to see a parallel between privacy law and environmental law, another area where a technological shift forced us to protect a dwindling resource that earlier generations could take for granted.

The idea of passing laws to protect the natural world was not one that came naturally to early Americans. In their experience, the wilderness was something that hungry bears came out of, not an endangered resource that required lawyers to defend. Our mastery over nature was the very measure of our civilization.

But as the balance of power between humans and nature shifted, it became clear that wild spaces could not survive without some kind of protection.

Read the whole thing. He makes a compelling case for regulating privacy the same way we regulated the environment.

Incomprehensible privacy policies

Kevin Litman-Navarro, writing for the Times, analyzed dozens of privacy policies online for readability and brevity. The situation is grim:

The vast majority of these privacy policies exceed the college reading level. And according to the most recent literacy survey conducted by the National Center for Education Statistics, over half of Americans may struggle to comprehend dense, lengthy texts. That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can’t understand.

Despite efforts like the General Data Protection Regulation to make policies more accessible, there seems to be an intractable tradeoff between a policy’s readability and length. Even policies that are shorter and easier to read can be impenetrable, given the amount of background knowledge required to understand how things like cookies and IP addresses play a role in data collection.

“You’re confused into thinking these are there to inform users, as opposed to protect companies,” said Albert Gidari, the consulting director of privacy at the Stanford Center for Internet and Society.

As data collection practices become more sophisticated (and invasive), it’s unlikely that privacy policies will become any easier to comprehend. And if states continue to draft their own data protection laws, as California is doing with its Consumer Privacy Act, privacy policies could balloon with location-specific addendums.

Litman-Navarro called out the BBC for its readable, short policy that explains to normal people exactly how the Beeb will use their data. He also called out AirBnB for the opposite: a lawyerly document of incredible length that tells users nothing.

Here at the Daily Parker, we only collect your personal information (specifically, your email address and name) if you give it to us through the Comment form, and we don't show your email address to anyone. Sometimes we will use it to get in touch with you directly about a comment you've left. Otherwise we treat it as we treat our own private information. Clear?

Today's reading list

If only it weren't another beautiful early-summer day in Chicago, I might spend some time indoors reading these articles:

Time to go outside...

What to teach new coders

Scott Hanselman recommends teaching systems thinking over technical coding:

I told this young person to try not to focus on the syntax of C# and the details of the .NET Framework, and rather to think about the problems that it solves and the system around it.

This advice was .NET specific, but it can also apply to someone learning Rails 3 talking to someone who knows Rails 5, or someone who learned original Node and is now reentering the industry with modern JavaScript and Node 12.

Do you understand how your system talks to the file system? To the network? Do you understand latency and how it can affect your system? Do you have a general understanding of "the stack" from when your backend gets data from the database makes anglebrackets or curly braces, sends them over the network to a client/browser, and what that next system does with the info?

Squeezing an analogy, I'm not asking you to be able to build a car from scratch, or even rebuild an engine. But I am asking you for a passing familiarity with internal combustion engines, how to change a tire, or generally how to change your oil. Or at least know that these things exist so you can google them.

This is why I'm a fan of Hanselman. He's right. Learning technical skills is easy; learning how to think is hard.

How to protect your data from being stolen

Sadly, you can't. But you can protect yourself from identity theft, as Bruce Schneier explains:

The reality is that your sensitive data has likely already been stolen, multiple times. Cybercriminals have your credit card information. They have your social security number and your mother's maiden name. They have your address and phone number. They obtained the data by hacking any one of the hundreds of companies you entrust with the data­ -- and you have no visibility into those companies' security practices, and no recourse when they lose your data.

Given this, your best option is to turn your efforts toward trying to make sure that your data isn't used against you. Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- ­and get a password manager to remember them all.

Do your best to disable the "secret questions" and other backup authentication mechanisms companies use when you forget your password­ -- those are invariably insecure. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus. Be wary of email and phone calls you get from people purporting to be from companies you do business with.

At the very least, download a password safe (like the one Schneier himself helped write) and make sure that you use a different, random password for everything.