kirbstr's brain

Kirby Plessas  //  President and CEO of Plessas Experts Network, Inc.
www.plessas.net

Mar 14 / 9:45am

Writing on the wall...

So, it looks like Posterous' days are numbered.  I like Posterous because I don't have to think about settings and setups.  That and that I can post by just sending an email.  I don't have a lot of time to get a blog looking the way I would like.  And I don't blog much.  Where should I go next?  What is the next new thing in blogging?

Jan 5 / 9:16am

Stop spreading the unsubscribe from the Facebook ticker hoax. Please.

In reference to the re-emerging ticker panic on FB, here is how it works:

It is a hoax to think that you can unsubscribe from your friend's comments, etc and not see them on the ticker. That is not how it is structured. It is also a hoax that this is how hackers can get your account. People who have never heard of you before can now see that you exist and what you wrote, but that is the extent of the security issue. 

The only way to keep your stuff off the ticker is not to post. 

If you have your privacy settings correct (friends only), then no one who is not already your friend will see anything from your wall on the ticker (mutual friends will). But any comments you make on other people's posts may still get onto the ticker because of their privacy settings. 

Look at the bottom of anyone's post. 

If there is a globe, they are publicly open and have no privacy settings enabled and everything you post on that will be on the ticker. 

If there is a picture of two heads in silhouette, then they have "friends only" and only mutual friends will see any comments on the ticker. 

If there is a gear, hover over it. If the settings are "Custom" or a list of names, only those selected people will see what you write on the ticker. If it says "Friends of Friends" then it is almost as open as public and everyone who is friends with any of your friends will see your comments on the ticker.

These settings can change from post to post. Spread the word. Please.

Dec 29 / 5:36am

Facebook's unblockable content

There are lots of people sharing posts from other Facebook sites right now, which is good because a lot of times they share stuff that is funny or interesting. But occasionally you might find some of the stuff being shared annoying or offensive or whatever and want to block just that content from your stream for whatever reason. How do you do that? 

Well, what SHOULD work is if you go to the objectionable page and block that page. Theoretically any of that page's content should not be able to show up in your stream after that. 

I just went to test this out and guess what - it doesn't always work. And by not always, I mean rarely. Turns out that if the stuff being shared doesn't come from a person's page or a fan page but instead from a "community," there is no way to block it. No block option at all. And in the person's settings, you can only block ALL photos or none, not specific shares from communities.

I imagine that the FB thought process is that if a user doesn't want to see content from a certain Facebook community, they just don't join the community. But if your friends, whose content you normally value, enjoy that community, why can't you hide *just that content* from showing up in your own feed?

This is more annoying to me than anything anyone has shared from these communities. Thanks to a FB friend for pointing it out. Facebook needs to fix this.

Oct 8 / 6:30am

Be Prepared for Timeline (UPDATED)

Just as users are getting settled into the new Facebook feed style that was released a few weeks ago, Facebook is prepping again for another major change.  I don't purport to know all of the effects of the next set of changes, but at least three items have caught my attention.

First is the shiny and pretty new timeline feature. I have to admit, it is going to make profile pages much more attractive. I have not switched to timeline early although I know that some friends have because I wanted to wait until the official switch so I can experience the changes with the masses and notice what is affecting them. This is also the reason why I don't use any add-ons to adjust my Facebook view (although I know there are some great functional ones out there, such as Better Facebook or the Chrome extension that suppresses the new and annoying ticker). I like my Facebook raw and gritty, if you will. 

But the beauty and the danger in the new Timeline feature is that it partially solves one of the major gaps in Facebook - search. Now, I am unsure that you will be able to search through time on a profile via keyword (as would ultimately be my preference), but you could rewind and fast-forward through someone's account through their timeline and see what they had to say a year ago or more. While this might not seem to be a privacy issue (users put this information out there - they didn't care then), it is in that up until now, profile visitors could only go back in time to a minor degree to see what was posted. People change their minds and opinions they may have had two years ago may no longer be valid or what seemed funny back then might not seem funny now. 

Luckily, Facebook has already provided us with a privacy tool that will keep the history within your timeline private, however, it is pretty much napalm to everything in your account. If you take a look at your privacy settings, there is an option to "limit the audience for your past posts." This allows you to retroactively reset the privacy setting for everything you have in your account up until now to your default setting. I've used it a few times to set everything to "friends only," which wiped out the few public posts I had created, and it works like a charm. To block your timeline from being exploited, you could use that tool to set all past posts to "only me" and thus make them privately searchable but blocked even to friends. I'm going to do this... soon. But the side effect is that everything posted up through now will be effectively wiped out from any of my friends' point of view. Anything I want them to see, I will have to find myself and manually redo the privacy settings so they can view it. I don't guarantee this would be the case with photos as well (which is probably the main thing I would want my friends to see on my timeline), but I am guessing it is. 

MAJOR EDIT: Turns out this is not a solution after all. While Facebook limits posts you made viewable to the public or friends of friends to a default "friends" setting, it won't affect every post and you cannot set it to "Only Me." As a result, you will have to go through and get rid of posts manually. Because Facebook doesn't give you an easy way to do this until you activate Timeline, I am changing my stance on activating it early and suggest anyone who wants to know what it will do to their account before it is viewable by everyone, activate Timeline now.

Timeline will also prompt users into entering even more data about themselves, such as previous employment. This might be a counter against popular professional networking site, LinkedIn. If people move their resumes and CVs over to Facebook, they may no longer have a need for yet another social network. Keep your eyes open, you may see professional recommendations as a new feature eventually. In addition, it prompts users to select which of their Facebook friends worked or studied at the same places, effectively tagging this onto multiple people's profiles and timelines all at once. I have required all tags to be approved by me before adding them to my account and I suggest you do the same so that your resume is not automatically filled out for you by well-meaning friends.

Last note on Timeline - I just came across this article that shows that Timeline might give away your real birthday (at least year) even if you marked it private. Heads up.

The new instant sharing innovation is the second privacy issue. Like Timeline, this isn't a big deal if you are paying attention, but there are so many people out there apparently not paying attention to even the most basic Facebook privacy changes. Coming soon, any Facebook App that you add could include the new automatic sharing option where instead of "liking" a web article, just the fact that you clicked on the link to read that article or watched a video would be broadcast across Facebook to your default privacy settings. Some might not care, but others may not want professional friends to know how much they read the gossip pages, others may not want their political preferences highlighted across Facebook, etc. There are quite a few people already concerned about this. 

I have a solution (work around) for you that I will be employing myself. First, go through your applications and delete the ones you don't recognize. I would only keep the ones actively in use. This could solve the problem entirely, but some apps you may not want to drop. If you are actively using one that might expose your reading habits (which could be any), then move on to the next step. 

Since I am going to keep using my favorite apps and some of those might employ this instant sharing, I am banishing Facebook to its own dedicated browser. I'll probably use Opera. The key is to use a browser that is different enough from your commonly used browser so that they will not share cookies/logins. If you use Chrome, don't use Flock (or Rockmelt?) as they are based on the same code and could share cookies. Same with different versions of Firefox. Choose a browser that you like but don't often use and keep it strictly for Facebook use. I do need to highlight that you will need to log out of Facebook on your active browser and delete all cookies for this to work, a major side effect of which would be that you cannot then use Facebook as the login to other sites using that same browser. This could be a major detractor for some, as the Facebook login across multiple sites is a great convenience and in many cases more secure. 

Last, there is also the controversy over Facebook tracking users even when logged out. I'm not surprised, but the uproar about it reminds me of the uproar over the iPhone GPS tracking issue, so I wonder if that will stop Facebook from extensive tracking for a while. To me, this is almost a non-issue since I now expect to be tracked by pretty much every website I visit whether I log in or not. I'm also being tracked by my browsers and search engines. Everyone wants to know where I've been, what I had for lunch and whether I prefer Pepsi or Coke. This is the way the internet pays for itself. The only thing that really bugs me about it is that it is very secretive. Many people I know are talking about tracking and its pros and cons but there are also many people who are uneducated about who tracks you, why they track you, and how to avoid being tracked when desired. To learn more about internet tracking, please check out the Electronic Frontier Foundation. Here are some relevant articles.

Apr 16 / 4:41am

The future of privacy and banning the niqab

In the discussion of banning the Niqab (the full facial veils that are sometimes worn by Muslim women) as they recently did in France, I think one part of the debate is very under-represented. You have the media and the public debating the right of religious expression vs. the niqab as a tool of silencing/oppressing women, but I think another debate will quickly come to the forefront: privacy vs. community health/security.

I first heard it mentioned by a TV news talking head a while back (specifically in regards to banning Muslim face-coverings) that people need to see each other's faces in order for a community to function and that the non-verbal communication is at least equal to the verbal. This was months (maybe a year?) ago and I don't remember who said it but apparently this side debate has been going on for a while and particularly in regards to schools or government situations.

I can foresee this debate getting hotter really soon. It will move beyond religious freedom and we will be asking whether the average citizen has the right to cover his/her face in public. Why? This. And this.

Facial recognition programs have been getting more and more accurate. A few years ago, the best public versions could only identify similar noses or other prominent features, but now if you have two photos of a person's face (a full on and a profile view), they are actually pretty darn good. Don't believe me? Add the Face.com app to your Facebook for a quick test-drive. And Facebook is already implementing their own facial recognition tool in an attempt to identify and tag the massive amount of photos on the site.

(By the way, you can turn off this feature for your identity inside your privacy settings. Just disable "Suggest photos of me to friends" in the custom privacy section.)

Auto-tagging and identifying of people in photos is one thing, but being able to use a smart-phone to identify people on the street is another. Sure, when you are out in public, there is no expectation of privacy... except that you usually don't have a name-tag, and you don't hand out cards with everything that is on the internet about you to everyone you meet. That whole corpus of information will be soon available to everyone. Sure, the whole idea is that the person using the tool must already have access to a database of photos in which you are tagged, like your friends' Picasa accounts or Facebook accounts, but if you have any photos that show up in Google or Bing search engines, if you have a photo in a yearbook, if you have ever spoken at a conference, etc., etc., etc... if you have any photos of you that are public, anyone who is interested can build their own database of tagged faces and make it available to whomever they want. And maybe the photos aren't even public? The obvious potential abuser of this is governments. Most governments require a photo ID of some sort for certain functions, like international travel or driving, so they already have great photos of almost everyone. Another potential abuser is organized crime. Here is a great video from a news source in Australia where they have already noted organized crime attempting to identify police academy graduates.

Right now, it seems that simple face paint can help you avoid facial recognition. While I love this option and look forward to seeing many great punk-rock-like faces at the grocery store, I don't know how long this will defeat the technology. What is next? The niqab for everyone? Ski masks? Face prosthetics like the creepy mask Tom Cruise wore in Vanilla Sky?

And what about the whole non-verbal communication thing? What will future communities function like if people don't meet face-to-face either online or even when in person? And there will definitely be those concerned by the security implications should massive amounts of people start wearing face masks out in public. What is the balance of privacy, communication and security when it comes to facial recognition?

This is the debate I want to hear.

Until then, I'll be wearing my geometric face patterns. And, in anticipation of this debate in conjunction with the next flu scare, I might stock up on a few packs of these.

Mar 13 / 7:28am

My last word on Barr and Anonymous

Hey there. I'm here at SXSW and I thought I would make a quick post while I am thinking about it and based on conversations I have had while I am here. I will post about my own presentation when I get home, but until then:

What I am not going to do is explain the backstory about what Anonymous is and I think Gabriella Coleman does an excellent job right here. Instead I just want to say that Barr's campaign to out Anonymous is akin to someone claiming they would find the next mass murderer and rounding up all the Dexter fans. What he did was identify the folks who are vocal about their support for Anonymous. In a case where anyone is allowed to fly the banner of Anonymous for a variety of causes, you can't assume every Anon is involved in every action. If one or more Anons does something illegal, they have to be investigated individually. Let me make one last analogy: imagine corruption from one member of a political party (you choose, Democrat or Republican). In order to investigate the case, you may want to talk to others in that party who may be witnesses, but you cannot consider the whole party suspects. Anonymous is not Al Qaeda. 

Feb 20 / 9:05am

What HBGary Federal CEO, Aaron Barr, taught me about corporate ethics

When HBGary CEO, Aaron Barr, kicked the beehive of Anonymous, he obviously thought he was a lot smarter than the stereotypical anonymous kid in his parents' basement loading prefabricated DDoS software. He wasn't. He underestimated them by a long shot, and he is now paying for it. But this article isn't about Anonymous. I only reference them here for two reasons:

1. No one is invincible. If you think you can't get hacked, you are actually easier to hack. Everyone is vulnerable to social engineering. 
2. Anonymous is the sole reason that I learned about the unethical and potentially illegal dealings of HBGary Federal, and thus my epiphany on corporate ethics that I will lay out in more detail here.

For those who are not up to speed on the whole HBGary fiasco, please read this article, followed by this long but very important article, and for good measure, finish it off with this article on personas, and then come back and read the rest of my post.

The man at the center of this, HBGary Federal CEO Aaron Barr, was a former Navy SIGINT officer. The average citizen may not know what that means, but those of us who were in the military and particularly those of us who also were SIGINT (in my case, I was a SIGINT analyst, a non-commissioned officer), know that there are very strict legal barriers on what can and cannot be done by the government, especially when it comes to collecting information or intelligence on US citizens. This is called Intelligence Oversight (here is a pretty good US Army PPT Briefing describing it, I apologize if some of the Army lingo is unintelligible, but it is all googlable). And those involved in SIGINT were reminded of it over and over and over. And I bring this up because, to me, it makes Aaron Barr look even worse. He explicitly knows what is illegal for the government, and he allegedly suggested things that would break the law anyway. We'll get into that again shortly, but I need to also add that it is also illegal for the government to try to bypass Intelligence Oversight by contracting to a private company or person.

To jump ahead a little, let me add that I was happy to see that, according to the Wired article, none of his potential customers seemed willing to hire him.

So, let's see, what potentially illegal activities was Barr suggesting according to the Wired article?

1. Basically anything offensive involving getting unauthorized access to a person's or company's network without a lawfully obtained warrant through a judge.
2. Chumming and baiting? Feeding of false documents to expose the system or to reveal later to drive down credibility. Not sure here, but sounds like entrapment of some sort.
3. Monitoring of persons not under suspicion of legal offenses/collection of information that would be stored for extended amount of time without a warrant or other formal legal backing.
4. Covert false identity - this one I am not certain about, but I don't think this can be done casually. It must need some formal legal backing.
5. Target individuals who have no legal offenses based on their political statements. THIS is the entire reason Intelligence Oversight was created - to avoid this sort of thing from ever happening again. This is the one that makes me the most disgusted. Again, as a Navy SIGINT officer, he would have learned the reason for the oversight process over and over. As an officer, he would have been the person in charge of making sure that all of the enlisted servicemembers serving under him received this training. There is no way he could possibly not have known that this was not only unethical, but highly illegal.

Is any of this illegal as a proposal only (not carried out)? I have no idea. I hope if it is that the correct steps have been taken to prosecute.

Some of the other things he proposed, while they may not be specifically illegal, are unquestionably unethical:

1. The holding of zero-day exploits. Ethical hackers do not hold exploits in preparation of using them later on contracted targets. Ethical hackers alert the software maker of the issue and then publish so that patches can be applied and credit given.
2. Creation of an army of fake online people to make it appear as though there is popular support for an idea or to bully and harass others. As noted in the DailyKos article, public opinion online DOES matter. It can encourage or discourage and cyberbullying is a concern. I am beyond creeped out that there is a request for sources for this type of thing on FedBizOpps (by the way, not a creepy or nepotistic website: nearly all contracts go through there for transparency purposes). I am also creeped out that one of the companies that I look up to in the community, Palantir, was involved in a proposal dealing with this and with HBGary. I agree with Nate Anderson of the Wired article, that the details of this deal probably never went all the way up the chain to the leadership of Palantir and was happy to see them immediately and clearly cut all ties with Barr, but there is a slide with their logo on it that repeats many of the unethical and illegal proposals allegedly made by Barr, indicating that there are members of that organization that saw nothing wrong with these actions.

My first response to this whole fiasco was shock. Then disgust. Then I started wondering what would happen if one of my partners proposed this deal to me, and offered me a huge cut of $$ for providing these services? 

Let me put it out there that I teach and do research on Open Source Information or Open Source Intelligence and have for a long time. I specialize in following the flow of information on the internet, particularly through social networks (especially in the Middle East). Barr's claim to fame (and I use that lightly, since I hadn't heard of him up to that point and I consider myself pretty plugged in to who is who in this community) is social media exploitation. I'm not terribly impressed by the details available via the Wired article, that is actually pretty elementary to find if you know where to look, have patience and are willing to hunt a bit. But I can see why some others would be shocked by them. I suspect that others in this profession are also not that impressed, I know Anonymous wasn't, since he was apparently barking up the wrong tree in his pursuit of them. I'll tell you what I am impressed about - that his customers were willing to pay $34,000 for three days instruction. Maybe they were blinded by the -$26,000 discount? Hello? I would have provided that sort of training (and may I brag - likely better? And legally and ethically balanced?) for under $10K. Suckers. 

Back to the question: what would I do? As my company grows larger and I bring on product managers and other trainers and skill sets, what would they do? How can I guarantee that my company never goes down this track?

My epiphany: a policy on ethics. I am currently researching and building my company ethics policy. It will be a transparent and clearly worded policy and will reside on my company's 'About' page. (Here is our website, nothing there as yet, but a new site is in development and hopefully will be unveiled before I speak at SXSW).

I'm asking for help to make sure I cover everything I need to. Here are the major points to be included so far:

1. Stay well within LEGAL parameters, whether the customer is government or not.
2. Do not allow a partner or customer to persuade us to bend or break this policy.
3. Ethical behavior. If behavior (or even proposed behavior) is something that would embarrass or shame you or the company if seen in print someday, don't do it.
4. We stand behind our employees, believing that we have selected only the best. Should a case of illegal or unethical behavior be brought against our employees, we will continue to stand behind them through the investigative process. We will believe the best about those we have chosen to work with unless proven wrong.
5. If an employee has been found to be in violation of this policy, or the spirit of this policy, his/her employment with Plessas Experts Network, Inc. will be immediately terminated.
6. If a partner has been found in violation of legal or ethical charges, we will terminate the partnership.

I appreciate any further ideas or comments. Let's discuss this issue openly and make it less likely that this sort of thing will happen in our community again. I am a firm believer that you either have an ethical compass or you don't. Those who don't need to know that there are a number of people committed to ethics and that unethical behaviors will not be tolerated.

UPDATE: Here is where I will incorporate suggestions:

1. Give employees a method of reporting illegal or unethical events that will protect them from backlash by colleagues or supervisors. (Allow them protection to report unethical dealings of their bosses, regardless of where they are in the hierarchy. This means that if someone wants to report on something that the president/CEO has done, they can be shielded from termination or retribution while an investigation is completed.) -Thanks for the input, Kelcy!

UPDATE II: I changed the wording somewhat. Disclaimer: a person is innocent until proven guilty by a jury of their peers. This looks bad for Barr, but I have to give him some room. Maybe he was framed?

Jun 20 / 7:01am

Check out Plessas Experts Network, Inc. shared links on Facebook

We're posting interesting things from around the web on Facebook! Come check it out!

Apr 30 / 4:50am

New Facebook Tools

Note: See update at bottom!


You may have noticed a cool webpage called "Like Button" that shows you the things your friends share on Facebook - but did you know that it can also work as a search engine for public postings on Facebook?

Check this out:


They have no search bar yet, but if they are smart they will just add it, even if you can do your own searches using the additional boxes below or hacking the URL (which is what I did here).

A quick tutorial on the URL hack: just replace the keywords in the URL to search: http://likebutton.me/?q=kirby could be http://likebutton.me/?q=google or http://likebutton.me/?q=baltimore and just put the plus sign (+) between multiple words like http://likebutton.me/?q=new+brunswick and http://likebutton.me/?q=star+wars+episode+3.

Also, don't forget to try out this handy tool that lets you input a name, url, email address, etc. and search it on Twitter. I find this one to be touch and go, but it does give interesting results. Works best when you know the Facebook ID # and can just search on that.

UPDATE: I knew it would not be long before there were some other Facebook search engines out there - and now there are. Go give Open Facebook and Booshaka a test search. There will be more of these search engines out soon and expect more features to show up as well, such as limiting to locations or linked/unlinked content. I am not planning on reviewing every search engine that comes up, but I will highlight a tool when I think it is unique.

Also of note: if you are logged in to Facebook, when you do a search and click the "more results" you can also search public statuses and posts by selecting the "Posts by Everyone" link.

Filed under  //  facebook   search  

Mar 22 / 6:22pm

A first-timer's SXSW experience - and why I will return


There are tons of articles out there purporting to teach newbies to have the best time at SXSW, and then there are a ton of articles laying waste to SXSW and slamming the conference for its excesses.

This is neither of those.

I'm writing this article to explain how my first SXSW experience went, why I liked it and what I would do differently. But I can't expect it to be a guide for many because of one really big factor: I didn't attend any of the huge parties and I did not stalk the Twitterati. I met one "celebrity" and I didn't even know ahead of time that he would be there, nor did I go out of my way to meet him.

Let's back up. Before SXSW, I did sign up for the list of parties via several "SXSW insider" sites and I did even rsvp for parties. Parties for which the rsvp meant nothing of course, as thousands had rsvped but the party announcements themselves stated that the first 250 people to show up would get in. I did have every intention of attending a few of the parties - though I knew I would not attend many. It's not my bag, baby.

Fast forward to the conference. The two biggest reasons I did not attend the parties:
1.) I was at the conference to attend panels, including the early panels, which would not have been attended had I been at parties all night.
2.) My hotel was quite a distance from the conference. A large distance. A really large distance. The conference shuttles weren't even going to my hotel, it was that far away. That said, the hotel had a shuttle which I did take every morning to the conference, but I took taxis back every night. And after I took that taxi ride back to the hotel after late panels and dinner with friends, the chances of me going out again were practically nil. No, actually they were nil. I did not once go out again after returning to my hotel in the evening.

But this avoidance of parties, accidental or not, actually increased my enjoyment of the conference. I waited in no lines. I had no hangovers. I attended every panel that I thought might be interesting. And I met tons of fantastic people. What more could I want?

Well - a couple things.

Next year I will be getting a closer hotel. Period. I will also be bringing an extension cord and a multi-plug adapter. I won't bring a power strip as that was just too big and clumsy to carry. I will bring my iPod Touch again - turns out that was the handiest thing to have and much easier to deal with than a laptop. Maybe I will have an iPad for next year. But probably not. A backpack makes more sense than the laptop bag I was using, even if it was one of those airport friendly bags.

I have to commend the SXSW organizers for the excellent wifi at the conference. There were also plenty of plugs to charge equipment - including the solar charge stations set up strategically in a few places near the conference center. The assorted freebies and schwag were great, although too much paper (as expected). I was really excited to get Stickybits although I have not used them yet since there is no Symbian app for my Nokia N95. My N1 (Android) should show up tomorrow so that will no longer be an issue. I bought a Darth Vader Mimobot, too bad it wasn't the special edition face. I was also impressed by the Stiffy Tees. We are t-shirt aficionados at PEN. And anyone who wanted Knowledge Management Solutions and Enterprise 2.0 apps would not have been disappointed at the trade show - there was an impressive collection of companies.

I was also excited to see extensive use of QR Codes, even though, strangely enough, I did not make use of any of them myself. I have a QR Code on my business card so that my contact info can be directly uploaded to anyone's cell phone, but I wasn't interested in uploading ads or trying to follow anyone on MySXSW (if everyone else used that site as much as I did, it would be pointless to follow). Instead, I collected Twitter names.

Overall the circus atmosphere of SXSW was entertaining for a short while and I loved Austin (my first trip there) but it did wear on me and I was happy to leave by the final day. I will leave you with the titles of my favorite panels so you can look them up on the SXSW website if they interest you:

  • Rework by 37Signals (Jason Fried talks about his book)
  • Africa 3.0: A Look at the Future of a Connected Africa (TMS Ruge introduces innovation centers in Africa and highlights some projects)
  • Zero Waste: The Future of Green (Steven Mandzik leads a discussion on Green IT, efforts in Austin and living the zero waste lifestyle)
  • Location Beyond iPhone: Locating 100+M Phones (Tasso Roumeliotis describes server-side location technology, its capabilities and where the industry stands in the United States today)

I am writing up a conference report on the panels for my client and I may excerpt some of that here at a later date.

Filed under  //  sxsw