Liminal states

Flying down to SF last Monday for RSA, I opened up my Macbook and got … nuthin’. Once I landed and plugged it in, and the little green light on the power supply connector didn’t even come on, I realized I was in trouble. So I headed down to the Mac store, conveniently right by the Muni stop, and made an appointment at the “Genius Bar” for that evening.

One of the geniuses in residence verified that his power supply connector light didn’t come on either, checked a couple of things, and asked if he could go in the back to run some tests. Sure, no problem. He came back within 10 minutes and said that seemed like there was some liquid in the display — he had verified that the machine booted, so it wasn’t hopeless. After signing the usual disclaimer in case of data loss (and wondering when was the last time I had backed things up — I’m still on Tiger, so haven’t yet experienced the joys of Time Machine) and authorizing a charge if need be (I hadn’t bought AppleCare), I left my Mac to be shipped off for repairs.

Thursday afternoon, I got a call: my Mac was at the store, I could come pick it up whenever. I Muni’ed back down the store, showed my photo ID, and there was my machine. I booted up to verify, and everything was hunky-dory; Firefox even offered to restore my last session state. Color me impressed.

“This was a really good experience,” I said to the helpful Genius.

“Always glad to hear it! And you’re still under the one-year limited warranty, so there’s no charge.”

Hey, I may be a geek, but I really hate dealing with hardware — or any other kind of machine configuration. Being able to find a place in whatever city I’m visiting on a business trip, talk to somebody knowledgable and competent, and have the right thing happen without me having to put out a lot of effort … that means a lot to me.

I found myself thinking about the arguments that cropped up from time to time on the Litebulb DL at Microsoft, as techie guys went on at great length about how Apple’s emphasis on the retail experience was a sign of weakness and used market share numbers to “prove” how real people (as opposed to the ones in Apple ads) didn’t really care about things like this. The other people at the store, or at the Genius Bar getting Mac, iPhone, and iPod help, seemed pretty real to me.

Sure, I beat Apple up about their security. That’s not the only consideration. I find the usability, responsibility, and attention to design of the Mac experience much more pleasant than Windows; it feels to me like I’m more productive (although when I’ve actually tracked my time, it’s roughly comparable). Throw in stellar support experiences like the one I had …

I hate to say it, but I think I’m now officially a Mac fan.

[And yes, I have now made a current backup. Thanks for reminding me.]

In RSA: “It feels like something’s missing” earlier this week, I mentioned that I found myself wondering whether what I was seeing at the show responded to security problems as experienced by users. Coincidentally enough, when I checked Slashdot today there were several of interesting security-related threads. So while it’s far from a statistically-valid sample, it’s still agreat chance to ask: is the industry successfully addressing these kinds of problems?

Let’s start with Oklahoma Leaks 10,000 Social Security Numbers, which is by far the most serious single issue:

“By putting SQL queries in the URLs, they not only leaked the personal data of tens of thousands of people, but enabled literally anyone with basic SQL knowledge to put his neighbor/boss/enemies on the sexual offender list.”

Continue Reading »

A continuation of RSA: “It feels like something’s missing”

RSA’s a tough show for static analysis companies, but several were there. Ounce had the largest booth and an excellent message (“listen to your code”); Veracode, Armorize, and Fortify had smaller presence. However, I didn’t actually spend much time at the booths or looking at the details of any specific technology, instead talking with various folks I ran into about the strategic possibilities.

Continue Reading »

The last time I was at the RSA conference/expo in 2004, Bill Gates talked about PREfix and PREfast in his keynote — he even went off and started talking about Microsoft’s acquisition of PREfix! Hard to top that … but it’s a great place for shoozing and to get a feel for the market, so I spent a couple of days hanging out there last week. Unsurprisingly, I was largely thinking about strategies related to static analysis products and technologies, and I’ll cover those in my next post. First, though, I wanted to share my more general impressions.

Continue Reading »

From The Angry Black Woman:

I call a Carnival. The Carnival of Allies. Where self-identified allies write to other people like themselves about why this or that oppression and prejudice is wrong. Why they are allies. Why the usual excuses are not good enough. I figure allies probably know full well all the many and various arguments people throw up to make prejudice and oppression okay. Things that someone on the other side of the fence may not hear. Address those things and more besides.

And when I say allies, I’m talking about any and every type. PoC can be (and should be) allies to other PoC, or to LGBTQ people if they are straight, or any number of other combinations. If you feel like you’re an ally and have something to say about that, you should submit to this carnival.

More, and a submission form, in Allies Talking.  Deadline is May 5, and she’ll be posting the links in the second or third week of May.  It’s a subject I’ve been thinking a lot about lately, so I’ll almost certainly be writing something … I encourage others to as well.

i woke up this morning thinking about Muses and realized that i should apologize for the focus of my writing over the last several months.

Continue Reading »

Tales from the Net co-author Deborah Pierce’s Into the Lion’s Den — a privacy advocate’s work is never done (on her tribe.net blog) talks about a panel she was just on at ere expo, “the nation’s leading recruiting conference.” She was there for a debate with the CEO of a company whose mission is “to map every business organization on the planet, contact by contact”:

The CEO started by asking how many in the audience had heard of Jigsaw or had used Jigsaw. About half of the people raised their hands. When my turn came, I asked how many people had heard of Fair Information Principles*. There were about a hundred people in the room and about three people raised their hands. With this crowd I wasn’t surprised.

Continue Reading »

Fourteen years ago today was my last day at Digital Equipment Corporation before leaving to work on the technology today became PREfix and the company I started with a few friends that became Intrinsa, so it seems especially appropriate to post about this today …

I’m delighted to announce that I’m starting a part-time strategy consulting gig working with San Francisco-based software engineering startup Coverity. My initial focus will be exploring possibilities in the security space, and I’ll be using techniques like community-driven strategy and design, asset-based thinking, and social network analysis. So it’s a very natural followup to each of my last three professional incarnations: static analysis architect, computer security researcher, and grassroots strategist.

Continue Reading »

Yes, really; and then defends the “thoroughness of the Officers involved”. Don’t you feel safer now? Our tax dollars at work …

From AP’s coverage of Mandi Hamlin’s press conference:

The female TSA agent used a handheld detector that beeped when it passed in front of Hamlin’s chest, the Dallas-area resident said.

Hamlin said she told the woman she was wearing nipple piercings. The agent called over her male colleagues, one of whom said she would have to remove the jewelry, Hamlin said….

She was taken behind a curtain and managed to remove one bar-shaped piercing but had trouble with the second, a ring.

“Still crying, she informed the TSA officer that she could not remove it without the help of pliers, and the officer gave a pair to her,” said Hamlin’s attorney, Gloria Allred, reading from a letter she sent Thursday to the director of the TSA’s Office of Civil Rights and Liberties.

Continue Reading »

MLB.com says, “It’s March, time for madness and brackets and… baseball movies!” Fans can choose “the best baseball flick ever” from 64 possibilities in four categories — Comedy, Drama, Old School and Left Field.

My brother’s movie, Little Big League, is in “Left Field”, up against The Hank Greenberg Story in the first round, and then either Ken Burns’ Baseball or The Bronx Is Burning in round 2. Tough bracket; pity he didn’t draw Sandlot 2. Still, Little Big League has a lot of fans; what kid doesn’t dream of inheriting a baseball team? So it’ll probably come down to demographics: will the youth vote turn out?

Voting closes March 27 … that’s today! What are you waiting for?

Update, March 28: Field of Dreams beat Major League in the championship; The Natural and Pride of the Yankees rounded out the final four. Alas we can’t find the results for individual brackets, so no idea if Little Big League made it to the Sweet Sixteen or even Elite Eight before its Cinderalla story came to an end …

Update, March 27: Macbook Air pwned and owned — in two minutes!

Update, March 28: Vista laptop pwned via an Adobe Flash vulnerability.

Update, April 16: Apple issues Safari patch.

Props to the winners — and to Ubuntu Linux, which emerged unpwned!

Continue Reading »

It’s amusingly difficult for me to write professional biographies, especially for print publications. Not only do I have a hard time reducing my career to the paragraph you’re usually allowed, at some level it feels like it forces me to reify my identity. Nonetheless, it has to be done; right now, I’m on the hook for bios both for the Computers, Freedom, and Privacy program committee and an upcoming book chapter on computer science as a social science.

So here’s a stab at it … feedback, please!

Update, 3/27: revised substantially after great feedback. Original version in the comments. Thanks all!  Additional minor edits on 3/29.

Jon Pincus’ current professional projects include Tales from the Net (a book on social networks co-authored with Deborah Pierce), starting a strategy consulting practice, and blogging at Liminal States and elsewhere. Previous work includes leading the Ad Astra project as General Manger for Strategy Development in Microsoft’s Online Services Group; creating the static analysis tools PREfix and PREfast (now available in Visual Studio) at his startup Intrinsa and then at Microsoft Research; security planning with the Windows Security Push and XPSP2 task forces; and the National Academies/CSTB panel “Sufficient Evidence?” His primary research interests relate to recasting the field of computer science as a social science. In addition to the applications of this lens to security discussed here, other social science approaches embodied in Ad Astra and the earlier Project Fabulous include asset-based thinking, narratology, cognitive diversity, intersectionality, philosophy of technoscience, oppression theory, and hot pink beanbag chairs.

(Note: that’s the version for the computer security paper; the other one will have slight differences in the last sentence.)