A holiday song for 2021

We’ll be home for Christmas
To the tune of “I’ll Be Home for Christmas” by Kim Gannon and Walter Kent
Alternate lyrics by Maxim Weinstein

We’ll be home for Christmas
We’ve nothing to do
But watch TV and drink our tea
And open gifts for two

Christmas Eve will find us
Staring at our lawn
At least alone we won’t come
Down with omicron

We’ll be home for Christmas
Canceled our planned trip
Family, perhaps next year
If COVID levels slip

Christmas Day will find us
Here without a doubt
We’ll be home for Christmas
Because we can’t go out

We’ll be home for Christmas
Because we can’t go out

Alexa’s constraints make it a better assistant

“OK Google,” I said to my Pixel phone, “pause.”

I expected my music to stop playing. Instead, Google Assistant offered me the top search result: PAWS, an animal advocacy organization. This isn’t the only time Assistant has failed to catch my intent. More than once, I’ve said “never mind” after inadvertently invoking the Assistant with the wake phrase, only to be told that “Nevermind” was an album by Nirvana.

Don’t misunderstand me (even if my phone does). The versatility of Google Assistant has its perks. I love being able to set time or place based reminders. If I want to know how tall Angelina Jolie is (5’7″) or how long it will take me to get to my parents’ house (23 minutes), Assistant is ideal.

No, the problem with Assistant isn’t its lack of capabilities, but its lack of constraints. You can say anything to it, and it will respond. Even if the response is unrelated to what you need.

In contrast, Amazon’s Alexa has a large but limited vocabulary. My Echo may not know the phone number of the local CVS, but when I say “pause,” there’s no ambiguity—paws have no place in its syntax. If I say “Alexa… never mind,” it doesn’t mind. It just drops the conversation.

And, as it turns out, that’s what I want in a voice-activated assistant. I know what Alexa can do, and I know she’ll do it when I ask. When I need a search engine, I’ll talk to Google. But, for now, Alexa is my girl Friday.

Posted in Me

It’s time for Republicans to step up

The 115th Congress has begun. Republicans enter the session feeling triumphant, with majorities in both houses and a Republican (albeit a rogue one) in the White House. Indeed, even as unpredictable as he is, President-elect Trump is clearly on the side of dyed-in-the-wool Republicans on a lot of issues: lower taxes for the wealthy and corporations, reduced environmental regulation, and hawkish foreign policy, to name a few.

But there’s a difference between being an ideological conservative and being a… well,whatever it is that Donald Trump is. And the next two years will show who are the real conservatives—those Republicans that actually stand for something bigger than themselves—and those who are political hacks.

The evidence will begin mounting early, as the president-elect’s nominees for the executive branch come up for confirmation. I’m not calling on the Republican senators to reject every nominee that disagree with. I’m calling on them to reject those that don’t represent good government. Not “good” in the sense of “how Democrats think it should be.” But “good” in the sense of “will strive in good faith to do the job effectively.”

Here’s the oath of office that all civilian appointees of the federal government must take, per U.S. law:

I, name, do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter. So help me God.

Can anyone really believe that Rick Perry, who said he wanted to eliminate the Energy Department, will “well and faithfully discharge the duties” of the head of that department? Will Jeff Sessions, the presumptive nominee for Attorney General, really “support and defend the Constitution,” when he clearly believes that Constitutional rights do not apply to all Americans?

Yes, it’s time for the real Republicans to stand up. Now is the time to show that they are fighting for a better America, rather than a better position on Trump’s naughty-or-nice list.

The real problem with online advertising

We’ve all heard the complaints about online advertising: it invades our privacy, it’s ruining traditional media, it’s an annoying distraction. But for all that, the advertising companies tell us, we’re supposed to be getting a valuable benefit: advertising that is personalized to our interests. Here’s the real problem, then: despite years of tracking our every move and mining all our data, personalized ads still suck.

On Facebook right now, I see a Microsoft Store ad for the new Surface Pro 3. Fair enough, I guess: I’m a tech geek and I recently read a couple reviews of the Surface Pro 3, because I’m curious about it. Yet I’m not in the market for a computer (in fact, Facebook should know that I recently purchased one, since I posted that information recently). And, even if I was, it wouldn’t be the Surface Pro 3, and it wouldn’t be from the Microsoft Store. Another recent ad (I think also on Facebook) that I saw repeatedly was for Digital Storm, the company from which I did buy my new PC. Yet I continued seeing the same ad, with the same picture of a computer I looked at briefly and decided I didn’t want, well after purchasing the one I did want.

Alongside an article about the Boston Celtics on the Boston Herald’s site, I currently see ads for CrashPlan (an online backup service I’ve been using for over a year) and a coupon for SCOTTeVEST with an exhortation to “see our most popular items,” even though I’ve seen their popular items many times and own one of them already.

On my work PC, I’ve recently been seeing two ads pop up repeatedly: one for my company’s own product and another encouraging me to apply to Year Up, the program for urban young adults where I used to work.

It’s not that these ads aren’t relevant to me. Clearly they are. Yet they’re not at all useful to me. To make them useful, they would have to expose me to brands and products that I’m not already thinking about. If you know I like Digital Storm computers, show me ads from other custom PC makers. If I wear SCOTTeVEST travel clothes, show me ads for other companies that sell travel gear. Of course, quality control is also important: these are companies known for high quality products, so if you show me ads from scammers and counterfeiters, I’m not going to be interested. But the advertisers should know that already.

As it is, the only ads I ever consider clicking on are the top few sponsored results in Google searches. Often these are exactly what I’m looking for. Of course, they’re also often the same as the top few organic search results (I just searched for “Hyundai,” and hyundaiusa.com was the first ad and the first search result). So, great, I get really useful ads the one time I don’t need them. (And, sorry, advertisers: you’re paying for clicks you would have gotten anyway.)

I recognize that I may not be a typical consumer and that my browsing and purchasing habits may be different from others’. But that’s the point, isn’t it? Ads haven’t yet gotten personalized enough to understand how I’m different and to make the ads useful. In aggregate, online advertising works, if the amount of money being poured into it is any indication. But for me, at least, it still sucks.

How much is too much?

Like many people, I have a bunch of blogs and news sites that I keep track of using the Feedly RSS reader. I also have a few newsletters that I receive via my home and work email addresses. It seems like I’m always falling behind on my feeds and the subsequent reading that they generate. So, I decided to do a little experiment: I timed myself catching up on 24 hours’ worth of feeds. Here are the results:

  • 40 minutes scrolling through the feeds, skimming or reading the occasional article, clipping a recipe, or adding a longer article to Pocket to read later.
  • Another 10 minutes doing the same for the newsletters.
  • 35 minutes reading the longer articles I had saved to Pocket (occasionally giving up on one partway through).

That’s 85 minutes, close to an hour and a half. And it’s worth noting that this didn’t include the time to read and “process” (in Getting Things Done vernacular) my Facebook feed (which I recently pared down after reading The Great Facebook Deep-Clean), my Twitter timeline, or my email. It also didn’t include the 20 minutes or so I usually spend each morning scanning news headlines on Boston.com and Google News and skimming interesting-sounding articles.

On one hand, an hour and a half per day is a lot of time just consuming (some sources of) content to keep up with what’s going in my professional field and a few areas of personal interest. On the other hand, there’s a value to that time investment. In my professional career, it allows me to make better decisions about the products I market and to credibly position myself as a subject matter expert. In my personal life, it stimulates my curiosity and creativity, and it gives me a better understanding of the world I live in. My reading helps me discover new recipes, useful lifehacks, and interesting tidbits to share with colleagues, friends, and my social networks.

But how much is too much? Do I need to purge my feeds and commit to fewer long articles? Or should I commit time regularly, much as I do for exercise, to stay on top of things, while allowing myself to skip a day or two here or there without feeling too guilty about it? Probably the solution is some combination of both, though I have this sneaking suspicion that I’ll never get it quite right and will always feel a bit behind. And that’s not to mention the time I probably should spend creating rather than consuming. But that’s a topic for another day.

Be careful what you wish for

I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it’s important to keep all of them in mind when designing a security system.

—Bruce Schneier, in response to Edward Snowden having a “dead man’s switch” that would release all of the documents he stole if anything happens to him.

New column on Dark Reading

I have a new column/blog on Dark Reading. Or, more accurately, I’ve taken over a column called Sophos Security Insights (previously SophosLabs Insights).

The first post, “Forget Standardization. Embrace BYOD.” went up today. Here’s a sneak peak:

Despite its rocky start, Windows 8 has IT departments salivating over the idea of standardizing on a single platform. It’s a compelling vision: phones, tablets, and workstations all running a single OS and managed through a shared set of native Microsoft tools. Compelling, perhaps, but for most organizations, it ain’t gonna happen.

Read the full post over at Dark Reading or subscribe to the feed.

No cell phone kill switch, please

From the “wait, what?” department:

In his letters, [New York State Attorney General] Schneiderman asked why companies such as Apple and Samsung, which develop such sophisticated devices, can’t also create technology to render stolen devices inoperable and eliminate the expanding black market.

Apart from the technical challenges, just think of the potential problems (errors, malicious hacking, etc.) that would result from our cell phones having remote-triggered self-destruct capability controlled by phone vendors. If you want to protect your phone, install security software like the free Sophos Mobile Security, which allows you to remotely locate, lock, or wipe your phone, but doesn’t render the phone itself inoperable. And if you’re that concerned about your phone being stolen, buy insurance (or, for families, self-insure by setting aside enough savings to replace one of the family’s phones in case of loss/theft).

Sophos bound

I’m very excited to announce that, in two weeks, I will be joining the team at Sophos. The company, dual headquartered in Abingdon, UK, and Burlington, MA, creates some of the best network and endpoint security products for small and medium enterprises. Sophos was one of the first companies to join StopBadware’s partner program when it launched in 2011, and I’ve had impressively positive interactions with the people there ever since. They also have one of the most prolific and entertaining blogs in the industry.

I’ll be joining Sophos’s marketing team as a Senior Product Marketing Manager, specializing in endpoint security. I have my friend and colleague Joram Borenstein to thank for helping me realize that much of the work I’ve done at StopBadware over the past few years has been product marketing, even if I didn’t have a name for it. I’m looking forward to this foray into a new field and a new organization. I’m also glad that I’ll be able to draw on the immense amount I’ve learned about the security industry during my five and a half years at StopBadware. I’ve had the chance to work with amazing people on our staff and board, at our partner companies, and throughout the industry. I’m grateful for the opportunity I was given to lead this exciting initiative, and I look forward to remaining involved as a member of the StopBadware Board of Directors.

I’ll be spending this week wrapping things up and training my replacement at StopBadware. Next week I get to take a much needed break, and then I’ll jump into my new role at Sophos.