Anybody who has been paying attention to the news recently will know there are two threads running which directly relate to the trade off between security and our personal privacy. The most recent is the ongoing release by The Guardian of information mined from secret documents provided to them by Edward Snowden; the other is the trial and sentencing of Pfc Manning, convicted recently of leaking classified documents to Wikileaks.

I have been somewhat conflicted by these because, on the one hand it is important the people trusted to protect national secrets actually do that. But, on the other hand there really needs to be a way that violations of the law within that community can be reported properly, and are taken seriously.

Breaking the Law

In both cases, it is apparent that laws were broken. Those who work with national secrets (and I used to be somebody in that position, though not intelligence related) are trusted to maintain those secrets no matter what. In the UK, people who work regularly with such information are required to sign a copy of the law that protects these secrets. Not because it doesn’t apply until it has been signed – like any UK law, it applies to everybody in the country. We are made to sign it so there can be no doubt that we have read it, and understand what it means.

Simply disagreeing with something that is being kept secret does not change that. People trusted to protect national secrets are not (usually) the ones who get to decide when something is no longer a secret and can be released to the media.

But the law works both ways. The people in charge of these agencies are, by virtue of the fact that most of what they do is hidden from public oversight, trusted to be doing the right thing. As has become apparent over the last few weeks, even the politicians charged with over seeing the activities of these agencies have limited ability to really see what is going on. Instead they are left to trust compliance reports generated by the same agency. Can you imagine a public company being allowed to audit its own financials? Or school kids being allowed to grade their own test papers? Why are these agencies not audited by another part of the government?

I have seen nothing reported so far to suggest that the NSA has ever intentionally violated the rules set up to bound their activities. And to be honest, even though the number of violations sounds large in isolation, when presented as a percentage of the total number of queries they run, it is pretty small. Easily believable as unintentional mistakes. After all, the people running these queries are just human, and we all make mistakes. It is also apparent that they monitor & record violations of their policy, otherwise the report would not exist. Not really the behaviour expected of a rogue agency ignoring the rules; more like one staffed by humans, perhaps over worked ones at times.

Content vs Method

Another thing that stands out for me in all of this is that everything I have seen so far has been describing the methods used to gather intelligence. When dealing with encryption, it is often best to have the method well known, and well reviewed. It is the content that needs to be kept secret, not the algorithm. Obviously, that does not translate perfectly to all situations, but what is the harm in everybody knowing that the intelligence gathering agencies of the world are looking for the bad guys online? And that they have the ability to tap into lots of the pipes carrying traffic around the world? Does anybody really think the bad guys didn’t already assume that was happening?

There are clearly questions about how intelligently the technologies are being applied, but I think the public needs to come to terms with their expectations of privacy regarding Internet communication. Unless you take steps to protect it, I think you need to assume that anything you send over the Internet could be seen by any number of folks (for example, the sys admins in your office or at your ISP). I have always told less tech-savvy folks who ask me that email is more like a postcard than a letter. There is no envelope covering the contents while it is in transit. Luckily for us, most people, including those working for government agencies, likely have more important things to so than read the emails we send to our friends & family. And if you are posting on Facebook or Twitter, that is like pinning a notice on a community noticeboard. I don’t understand people who expect Facebook to be private – it is a platform for sharing.

Bottom line is if you are sending something sensitive (for example, the designs for a new product, drafts of a patent or the source of your application) in email, encrypt it. And choose a good, long pass-phrase or an asymmetric technology like public key.

Forcing criminals to avoid electronic communication for fear of being detected sounds like a good idea to me. Sure, it might be harder to see what they’re planning, but it is also much, much harder for them to coordinate & plan their attacks in the first place.

Crossing the Line

All of that said, two things today struck me as government crossing the line. Detaining David Miranda under the UK’s terrorism law, and demands for Pfc Manning to serve 60 years because he is still young both seem to go beyond reasonable.

Stopping Mr Miranda was almost certainly justified because he might be carrying classified material that he was not authorized to be in possession of. So, while technically legal, a very amateur move by the UK authorities. Had they been paying attention they would have read the excellent article in the NY Times magazine detailing the extraordinary measures Glenn Greenwald and Laura Poitras take to ensure the security of the material they have. Even assuming Mr Miranda was carrying anything of value, it would most likely have been encrypted in a way he could not decrypt (a simple public key method could achieve this goal, such that only Mr Greenwald could decrypt it using his private key).

It doesn’t end there though. Even if he had been carrying unencrypted documents, you would expect the people tasked with this kind of operation to understand that “recovering” them from Mr Miranda’s laptop, thumb drives or phones does not mean they are not still out there. Are they really naive enough to believe that by taking any copies he had they would stop Mr Greenwald writing anything more? Even before everything became electronic, paper documents or even film could be copied, so this should not be news to the people in the intelligence world.

As for Pfc Manning, does he really deserve to spend the rest of his life in prison? Was his crime really that serious? And does society benefit from locking him up many times longer than a murderer or rapist? What about those whose irresponsible actions led to the financial crisis we’re in, most of whom haven’t even been charged with anything despite negatively impacting orders of magnitude more people. It is clear nobody will entrust him with state secrets, but I am pretty certain he could contribute way more outside of prison than inside. Demanding he spend the rest of his life behind bars is just vengeful. So much for being a christian nation.

Intelligence or TSA

It was somewhat refreshing to hear that at least some part of the government was using intelligence (or at least trying to) rather than brute force to find the criminals who would attack us. Airport security has always appeared to me to be ineffective security-theatre, designed to make people feel safer as long as they don’t think too much about it. Always just reacting to the last attack vector, never predicting the next one. Catching criminals works better when you use intelligence and detective work.

Really, which is better: (a) having low paid bouncers at airports (or even train stations, arenas & along roads now) scare us into taking our shoes off and throwing away our bottled water & shampoo, (b) having intelligence analysts looking for patterns in electronic communications that could lead to thwarting an attack before it even made it out of the planning phase, or (c) doing nothing at all and letting these common criminals terrorize us all?

As more and more of the services we use every day become encrypted (think email, Facebook, Skype and even Google now), the ability to see patterns in the data captured from the infrastructure of the internet is reduced to just the patterns in the very limited meta-data about the connection itself. There is a certain elegance, at least from a technical perspective, in being able to tap into the data post-decryption in the data centers of the most common services. Unfortunately, it is a model that doesn’t scale (I think about scaling things a lot these days). There will always be services that are not included, or services like Lavabit that would never agree.

And I have to wonder whether the kind of criminals planning major attacks on us are really using Facebook to communicate. Seems pretty unlikely to me. I would have thought they would stick to less well known, and more secure services, likely using security like VPN tunnels or anonymisers like Tor. In which case, analysing the traffic going to Facebook and Twitter, or even Google would provide little or nothing of value.

A while back I took delivery of my Pebble smart watch, and wrote up my initial reaction to the watch. Having lived with it for a while, I am still loving it (and it still gets comments and questions from people who see it). But everyday usage was starting to show too, with minor rubs and even one fairly annoying scratch in the center of the screen. 

Polish or Wrap?

I started my mission to fix these scratches and restore the initial beauty of the watch by looking for polish products that might work. I did find one product that said it would work on Pebble watches, but while researching I found several people who had simply installed a screen protecting wrap over the minor scratching and could no longer see them.

In particular, it seemed people who had tried wet process wraps had great results covering scratches. So, I ordered a few different options from Gadget Wraps. I got four clear wraps, and a mix of their colored wraps to try if I fancy a different colour Pebble.

Installation

The process sounds complicated, but the video on their how-to page made it much clearer. Spray a fine mist of water on the wrap & on the watch, apply, slide until it is centered and then leave for 5-10 minutes before smoothing down the four arms of the wrap. The instructions then recommend you leave it for 24 hours after which it will be ready to wear again (it was tough being without my Pebble for a day!).

Bubbles & Scratches

The one thing the instructions say is that any bubbles visible just after fitting it will disappear on their own as it dries. That took longer than I had expected, but after 3 days I have no visible bubbles at all and I am very happy with the way it looks on the watch. I installed a clear wrap first, and you cannot tell it is there.

Even better, the scratches that were on the screen of the watch (when did watch faces become screens?), are totally invisible under the wrap.

Protection

Even if I had gone for the polish, I was going to install a screen protector. Perhaps it is just me, but I find I bump or rub the watch on too many things (my wedding band suffers a similar fate). Yesterday was the first time I noticed this after fitting the wrap; coming back from picking up lunch to notice paint rubbed off a wall onto the front of the Pebble.

A little hand sanitizer (which I find to be a great cleaning product) on my finger wiped it off the surface of the wrap & no harm was done to the watch.

Conclusion

They are not cheap (mine were $9 for two, but I got a promo offer of four pairs for the price of three, and because I bought that many, free shipping), but replacing the Pebble would be more & the polish products I saw worked out about the same without the benefit of future protection.

I am happy, and would certainly recommend them to a Pebble owner looking to protect their smart watch from the effects of everyday life.

I think these have always been my favourite animals at Oakland Zoo. Not sure exactly what makes them so appealing, but I think a major factor in there is simply that they can be relied on to be present & entertaining.

This guy was busy swinging around from branch to branch, while the other one sat looking like she had the weight of the world squarely on her shoulders.

300mm

I haven't taken my 300mm lens to the zoo in a while (in fact, even the DSLR has found itself left at home more often than not now we have a toddler & all of his paraphernalia to cart around). For the least trip though I pulled out the long lens, and risked hand holding it. Not everything came out well, but a lot did.

The white furred gibbon was sitting still on the branch for a while, making it relatively easy to get good shots of her. Her mate, on the other hand, was never still; capturing good shots of him was much harder.

That said, the one above and the one of him in “flight” along a branch are definitely among my favourite shots of these guys ever (and, since they're always out, I have a lot of photos of them).

The one thing I love about the 300mm, when it works, is the tight DoF on it. The backgrounds at the zoo are not always ideal (although the gibbons' exhibit doesn't really have much of an issue). The tight DoF blurs those less desirable backgrounds leaving the subject of the photo sharp. Just like this shot of the gibbon swinging.

When your toddler has family in several continents, it seems inevitable that they will be introduced to the experience of flying at a much younger age than their parents were. In our case, I didn’t leave the ground in an airplane until I was 19, and then I jumped out of it before it landed! Our little boy has already done three trips, including two long haul international trips, and he's only just 18 months old.

Test Flight

My first tip would be to plan a test flight, somewhere close (say 1-2 hours away), just to see how well your toddler reacts to being on a plane. We were lucky in that our little one slept both ways on the short flight we did (Oakland to Las Vegas), but in case it is a nightmare experience, you don’t want it to be too far to get home.

Continue reading →

One of my recent online discoveries has been a blog called Dadabase, hosted by Parents magazine. It was actually through an article in their (electronic) magazine that I discovered it, and ever since then I have been an avid reader.

I can't say I agree completely with Dadabase author Nick Shell on everything, but it is fun to read about his experiences with his little boy, not least because he is about 6 months older than my own son so it is kind of like looking a little into the future!

Nick manages to post something almost every day, in addition to having a full time job and a baby. I don't know where he finds the time, or how he thinks of new topics, but I am enjoying reading his blog. I even have his Facebook page added to my news feed so I get the links to the articles there each day, as well as some occasional extra content.

One of the reasons I am blogging here in my own blog about my experiences with my little boy is that I don't think I'd be able to find the time or the topics to make a standalone daddy blog worth reading.

Does anybody out there have any other good daddy-oriented baby blogs they'd care to recommend?

Standing in the line for the return ferry tonight, along with hundreds of others who had been forced to try the ferry by the BART transbay outage, I had a chance to ask one of the SF Bay Ferry employees walking the line why they had not separated the Oakland & Alameda traffic with the extra boats they had added. That was something they had been doing when the free spare the air day rides increased the traffic. The answer was that they had not had time (or it simply didn’t occur to anybody to do it).

It reminded me though of the work we had done on our web services in the early days of scaling up to deal with rapid load increases. Sure, the first thing you do is add extra capacity. For the web service, more servers; for the ferry, more boats. That helps, but you might still find that some requests are hogging more of the resources than others, and delaying otherwise quick services.

Waiting in Alameda felt a bit like that yesterday morning as all the extra boats raced to Oakland & filled up, either arriving at Alameda with very little space for more people, or bypassing us completely because they were already full.

In our web world we faced a similar situation, with more complex requests holding up light weight requests that needed a fast response. The solution was simple: split the servers into two pools & manage the capacity for each pool separately. We actually ended up with more than two pools, but this simple approach has allowed us to manage resources much more efficiently and also implement automatic scaling for each pool independently. Sharding is often used for scaling databases, but it can also be effective for managing traffic.

The SF bay ferry service experienced a big spike in traffic today, and while they responded by adding additional capacity quickly (five boats instead of one this morning), they could have used that additional capacity more wisely and kept the lines at both Oakland and Alameda flowing more evenly.

Can’t believe it has been over a year since I’ve posted here. I actually started a post just over a year ago detailing the birth of my little boy. Then I decided that was too much information for public consumption & didn’t post it.

Now, over a year later, that little baby who seemed so fragile has become a toddler, running around our house getting in to everything he can reach. While my life is definitely still busier than it had been before his epic arrival, I think I can probably get back to posting here more frequently. Especially if I can get this Blogsy app for my iPad to work well – allowing me to write on BART.

You can probably expect a few reviews of baby products, as well as any commute horror stories (it is ironic that I am writing that today, the day of the big fire at West Oakland BART which caused havoc for my morning commute), but I’ll try to mix in some tech and photography posts too, promise.

What do you say about a warthog? Such a mean name to give an animal.

Another shot from the Monterey Bay Aquarium. We rested for a while in the back row of the little theatre in front of the kelp forest tank. While there, an albatross was brought out to be introduced to the crowd, but in the background one of the leopard sharks started swimming close to the glass.