More turtleneck, please.

A little preamble: I like apple products. I'm not a fanboy, but their products rock. I have a macbook pro, 5 ipods - old shuffle, new shuffle, old nano, old classic, new classic, and an iPhone 3GS.

I bought the 3GS when it first came out, and for the past two and a half years, I've loved it to pieces. I held off on the iphone 4 because I was in a contract, and it wasn't that drastically different. Fast forward 15 months. Like many of you, I sat in front of my work computer, wallet open, waiting for apple to announce the iPhone 5. They announced i OS 5 - great! Apple A5 chip? Awesome! 5 lenses in a cameraphone and f2.4? Sweet! 5...5...5...no iphone 5. No "oh, and one more thing."

I don't feel betrayed. I still think apple makes great hardware, but if I'm going to spend $200 on a phone and a new 2-year contract, I'm not sure I can justify upgrading. Next week, Samsung/Google will announce the next Nexus phone. Apple has cleverly sandwiched the announcement with the release of their new iOS and the "new" iphone, but I am hoping that fellow tech lovers would consider their options.

Deactivating Facebook

In 2003, a friend told me to get on facebook. It was at www.thefacebook.com. I ignored his hipster request for an entire semester. I first signed during the winter of 2003. I added about 100 friends in a day. I was hooked.

Eight years ago, facebook addiction didn't exist. Now, it is mainstream (1). New statistics come out every once in awhile, and are now updated in real time at http://www.facebook.com/press/info.php?statistics. The statistics and growth rates are very common online (2). These numbers give us the "wow" factor but are essentially pointless. The number of users ceased to matter after facebook did away with user verification. It was a great service when it was college-specific, a good service when it added workplaces, and less-than-mediocre when it opened up to the general public. Now, we have serious issues with social media security, digital identity, and the duty of harvesting digital crops on time.

Recognizing my own addiction, I've decided to act upon it. I turned 27 in June. It took me that long to realize that you have to give up who you are in order to turn into who you want to become. Tonight, I want to become one of the elite few who do not have facebook. I want to be left alone. I told my heartbroken fiance that I would deactivate my account and that technically, her account will no longer show her as being engaged to me, which effectively ended our digital engagement. Luckily, she has a ring to prove it in real life.

Then again, there is always Google+.  



1) http://www.psychologytoday.com/blog/positively-media/201005/social-media-addiction-engage-brain-believing
2) http://www.checkfacebook.com/
3) http://www.computerworld.com/s/article/9135795/Study_Facebook_use_cuts_productivity_at_work

Technology Adoption vs. Social Technology Complexity

Everett Rogers’ “Diffusion of Innovations” is a popular graph that is useful for breaking up adopters into 5 different categories, depending on what time they opt to adopt a particular technology. For example, early adopters can either benefit extensively from new technology, or fall into “The Chasm” where the technology never takes off to be utilized by the majority. This can be due to several factors, including lack of interest, IT project failures, immature technologies, etc. Technologies that have fallen into “The Chasm” include Artificial Intelligence (AI), Computer-aided software engineering (CASE), a variety of Enterprise Resource Planning (ERP) systems, and Enterprise social media. There is a plethora of specific corporate examples including AMR Corp’s “Confirm” reservation system in 1992.

The problem with this chart, is that it doesn't take into account how rapidly "Innovators" become "Early Majority." The adoption process for social technologies depend on the complexity of the technology, over a specific period of time. Here is a chart that I've drawn to illustrate this: 

This proprietary graph provides us with three pieces of key information pertinent to modern IT that builds upon Everett Rogers’ idea. The adoption curve here has been divided into three categories based on the complexity of the technology and the rate of adoption.

The first stage shows an adoption increase along with the maturity of a new technology. At the end of this first stage, adoption rates will either increase exponentially (i.e. cloud computing) or cease to exist (The Chasm.) The technology is in its prototypical state, and offers a demonstration of a vision rather than a full fledged product.

During the second stage the technology is becoming the norm, and there is controlled risk in adopting the technology. Complexity in this stage continues to increase gradually, as the majority of users will demand new features.

During the last stage, the majority has already adopted the technology and those who do not adopt the technology will perish. For example, VMWare and virtual computing. In this stage, the technology will become increasingly complicated until it is no longer sustainable, or it is limited by currently available information and hardware.

Google+ and why it matters

I've been on Google+ for about a week now. I wholeheartedly support competition to facebook for the sake of competition, and not necessarily the advancement of social networking technology. Google+ is significant because we are overwhelmed by information. I've been a facebook user since 2004, and during this time I've seen it grow to unwieldy proportions. It has both the power to connect you with the world, and the power to take you out of the real world in order for you to harvest your crops. We need to learn how to use social media wisely, and for the most part, it is a disconnected and jarring place full of non important status messages and regurgitated information.

I like Google+ because it is fresh and new. Facebook is a dinosaur in terms of social networking technology. The reality is that facebook can come up with something similar to Google+ overnight, if they really wanted to, but they can't do it without involving the rest of the facebook "experience." We need a new way to think about how we connect with people, and how to use this technology for enablement instead of the technology being a stand alone experience in itself. Google+ quite simply has what I need to do just that - it's simple, minimally-invasive, and allows you to stay in touch without overwhelming you with unnecessary information. The idea is simple and effective: sometimes I only want to deal with certain social "circles." I don't want my status broadcast to everyone in my social world, because it dilutes the message I want to put out there for specific people. With circles, I'm able to very effectively control who and what I say to different groups of people. It makes us human again in the way we communicate through technology.

I wish G+ the best. I, for one, can't get off my facebook addiction fast enough. I only wish there was a way to port over my facebook photos to picasa...

Exchange of Statuses vs. The Exchange of Ideas

I've been an introvert all my life. I dislike large groups of strangers, and thrive in one-on-one conversations. This has enabled me to go for "quality, not quantity" in terms of the friends that I have. I have 650+ friends in my friends list, but really only care about 20 of them. This is because with those 20 individuals, I've developed a deeper friendship that revolved around the exchange of ideas - a sharing of life and its share of troubles, triumphs, and inconsistencies.The other 630 people might know me from church, school, or work. I might know them on the surface, but I haven't invested time in getting to know them. I might know how they are through an exchange of statuses, but I don't really know what makes them tick.

This sets up a fundamental problem in a society inundated with social information technology, and a lack of user-based understanding of what it means to be "connected." Internet addiction has been in the limelight for the past 15 years, and is considered a serious disorder. Addiction to social media, as it has matured over the past decade, has been recognized as a cause of loneliness (1). While various factors that go into this addiction including personality and social lives outside of social media, the reality is that there has been a shift in the past decade from an exchange of ideas, to an exchange of statuses. This fundamental shift affects the way we communicate with each other as individuals, which ultimately affects the way we view ourselves and our roles in a technology-enabled society.

For example, I might update my twitter and facebook status daily, but if you take all the accumulated status messages I've ever written which has been read by my hundreds of online "friends" in the past 5 years, the accumulated content of these status messages will tell you very little about who I am as a person. I imagine that any person, however capable they are with working with the 140-character limit, can't be broken down into a series of pithy comments. The artificial connectedness that people feel via social technologies falls short of our social needs because it lacks CONTENT. You might know what I had for dinner, who I had it with, and where I had it - you might even get the gist of the dinner conversation - but you will never actually be there at dinner with me when I discussed the contemporary applications of Tolstoy with an equally geeky friend. We are at an age of communication where people try to speak in perfect pithy phrases.

Leo Tolstoy once remarked that as a person, we must choose between "conscience and life." This is a status-worthy message, but it means very little on its own without elaboration, context, and a basic understanding of philosophy (2). Can we consciously choose to commit to meaningful relationships, while still living out our digital lives? Can we use our current social technologies in a manner that enables and encourages its users to simply talk to one another where there is as much exchange of ideas, as there are memorable, pithy comments? I have to believe that it is possible if we focus on developing social technology to enable meaningful discourse. The exchange of statuses will continue to proliferate - the question is how can we enable social media users to move beyond the frivolous in order to feed on the substantive. This is one of the questions I will explore in my dissertation.


1) http://www.huffingtonpost.com/lisa-haisha/is-your-facebook-addictio_b_533530.html

2) http://www.ebooksread.com/authors-eng/lon-tolstoi/the-complete-works-of-count-tolstoy-volume-24-slo/page-25-the-complete-works-of-count-tolstoy-volume-24-slo.shtml

I like open source, but not when it comes to business applications.

Open source communities have successfully developed many pieces of cross-platform software amidst a plethora of proprietary applications. The usability of open source software was once regarded as a reason limited distribution, but presently most of us use it but might not notice that it is open source. For example, the wordpress platform is used worldwide, currently with over 200 million users, and is cross-platform and open source (1).  The existing evidence of the popularity of open source software and how the characteristics of open-source development influence usability is largely important in implementation. Currently, OSS is widely distributed to developers and the public via networked communities.

The thing with open source, especially free open source software, is its quality. There are millions of projects started and never finished. A look at SourceForge reveals that the majority of projects are abandoned. Good software is developed “when one or more very good programmers work closely full time together over a period of time developing, maintaining and improving it.” (2) Ultimately, distribution in the commercial world, especially corporate and government settings, is difficult because the available product does not meet the requirement standards. In contrast however, corporations support open source for competition against existing products. For example, IBM’s Lotus suite vs. Microsoft Office. The advantage is that if a corporation uses Lotus, it would be helping IBM against Microsoft. The disadvantage is that Lotus is vastly inferior to MS Office, and that just because IBM promotes (and financially supports) open source, it doesn’t mean it’s good for the individual developer and users as a whole.  

As a former IBM employee, I would never recommend using Lotus because it is very buggy and compatibility issues get in the way of communicating with clients who is already using MS office. Interestingly, I had both Lotus and MS Office on my laptop when I was a consultant, but never used Lotus software because it simply isn’t as good as MS Office. We were forced to use Lotus Notes, however. When I worked at GE Financial, there was also an effort to try to use OpenOffice instead of MS Office. This also failed because even though we had programmers working on this software, the open source software was still unable to provide the stability and usability needed. 

1) http://www.tripwiremagazine.com/2010/03/20-most-popular-open-source-software-ever-2.html
2) http://www.lambdassociates.org/blog/the_problems_of_open_source.htm

Social Engineering, Hacking, and the Improvement of Cyber Security

In 1986, Congress passed the “Computer Fraud and Abuse Act,” which made unauthorized access to computer systems illegal. The history of hacking, however, dates back to the early 60s, when MIT students experimented on the mainframe computer systems on campus. The first phone hackers in the 70s used toy whistles, which generated the same frequency signal as AT&T’s switching program, to make free phone calls. By the 80s, hacking moved to personal computers, and bulletin boards were used as hubs for hackers. During this time, it also became a social phenomena - a topic that became movies and the topic of interest in magazines. The reality is that hacking has evolved with computer information technology. Regardless of the various milestones in computer security, beginning with the mainstream software security movement in 1999 following the release of windows 98, hacking has always been the response to computer security. Currently, hacking continues to be in an asymmetric war with increasingly complex security layers, algorithms, and parameters.

Prior to the 1990s, hackers often had a loose “code of conduct” (5) which they would abide by. These included common ethics, such as “leave no trace,” and “information wants to be free.” Post-90s hackers are far less bound by restraints, and have very few ethical restrictions. Most younger generation hackers are ruthless, decentralized, and use their hacking skills to break into systems as a form of entertainment – or as the internet meme currently defines it, doing it “for the lulz.” (6) The most common network security exploits, including denial of service (DOS) attacks, Trojan horse, viruses/worms, and sniffing happen on a daily basis to all major service providers around the world. In 2000, the CIO of the Pentagon pleaded with the attendees at Defcon to stop targeting government systems (2), and offered jobs to “talented individuals” who wanted to help prevent these attacks. The Assistant Secretary of the DoD echoed the same thing. In 1999, there were 22,000 confirmed attacks against DoD’s systems. In 2009, there were 71,000 incidents (3). These numbers are indicative that cyber attacks have been steadily increasing, despite laws, regulations, and improved technology. In addition to Defcon, events such as the U.S. Cyber Challenge, seeks to draw hackers to show their skills, ultimately identifying the most talented so they can be hired to work as security specialists. These hosted events, and the actions undertaken by the government and other corporations, presents us with an unanswered question that also happens to be one of the topics covered in the old hackers’ code of conduct: does hacking help improve security?

The answer is complex depending on the effects of the hack, and the intentions of the hackers. Government and corporate entities have “Tiger Teams,” or a group of hackers, to try to infiltrate their systems so they can improve their security. The hackers would infiltrate a system using various exploits and attacks, and then provide details on how it was done so that vulnerability can be fixed. A combination of hacking techniques such as a vulnerability scanner, cracker, spoofing, rootkits, and impersonating legitimate users, are used to access the system. This is extremely valuable to organizations seeking to protect their data. External Tiger Teams can be attracted at websites such as FreeHackers.org, and ethicalhacker.net. Security teams from corporations anonymously set up test scenarios, then attract these hackers to see if they can break in to their system. If the system is compromised, their hope is that the hackers would expose how the exploit was accomplished. It is unclear how these external tiger teams, or “white hat” hackers, are compensated for their efforts. The demand of white hat hackers, “penetration testers,” or “ethical hackers” have been increasing steadily in the past decade. With millions lost due to security breaches and billions of dollars of data on the line, organizations are not only looking for security analysts, but talented hackers, often young computer users without formal educations, who want to use their skills in hacking to build a career. White hat hackers note that while they are inside a corporation, there is a 80-90% probability to accessing internal systems. This success rate drops to 20-30% when attempting to access company systems externally (9). Other instances of white hat hacking occurs when a professional reports a security vulnerability to an organization without exploiting it for gain, such as the recent Skype Zero Day vulnerability that only existed on mac clients (10).

On the other side of the spectrum, malicious “black hat” hackers such as members from Anonymous, presents to us “the epitome of all that the public fears in a computer criminal.” (7) The same techniques are used, but the hacker is generally ruthless in methodology. In addition to using technology, a black hat hacker often employs psychological methods to acquire access information that would otherwise be very difficult to obtain by using technological means. With phishing, a hacker can impersonate a supervisor via fake emails – a legal service that is widely available online (https://www.anonymousspeech.com/). With impersonation, a hacker can intimidate a user to give up access information. Additionally, a hacker can take advantage of someone’s helpful nature, drop names of important leaders in an organization, and feign involvement with law enforcement (8). Information such as company managers, domain owners, and email addresses can be easily found online. The exploitation of people, in some cases, is easier than the exploitation of technological vulnerabilities. Organizations spend millions every year on training their employees on cybersecurity for this very reason, and have updated policies on security on a yearly basis. Through the access of an individual’s email account, and by having access to one portion of a system, the entire network can be compromised. While malicious hackers always break a law of some form, communities for these hackers, such as the one found on www.hackanonymous.com (do not visit this link), operate legally under “educational” purposes when all of their general intentions and tools exist to cause general mayhem. Successful black hat hackers, such as Kevin Mitnick and Gary McKinnon, has cost millions of dollars in damage and crippled thousands of computers (11). Many black hat hackers remain anonymous after their illegal activity, leaving organizations struggling to patch up their system security.

Ultimately, hacking and exploiting systems improve the complexity of security measures either directly or indirectly. Directly as a result of a white hat hacker testing security vulnerabilities in a system, or indirectly as a result of attempted hacks by malicious black hat hackers. In 1998, a hacker group called L0pht (www.l0pht.com) described their behavior where members “grapples with questions of ethics and law in the line of their work.” Full disclosures are conditional and  vulnerabilities are found with the intention to “secure, rather than exploit.” Like many hacker groups that were present in the 90s, present hackers not associated with organizations doing “white hat” hacking often fell into a category of “grey hat.” The reason for this is two-fold: even though a hacker does not maliciously attempt to hack a system, they cannot reveal an exploit because they fear that there would be consequences to their actions. For example, in 2010, a group known as Goatse Security discovered and reported a network flaw that reveals iPad users’ emails (12.) Upon making this vulnerability available to the public, members of the hacker group have been investigated by the FBI and prosecuted. This is a grey area since originally the hackers did not intend to profit or to harm AT&T, but still revealed the exploit publically instead of reporting the exploit to AT&T. In the end, this was still done for entertainment and “for the lulz” in this case ultimately resulted in a breach of security for all iPad users. This vulnerability, had it been found first by a black hat hacker, would have been worth a lot of money to people who operate spam bots.

As an IT consumer and professional, I believe hacking is necessary for computer security to exist and remain a market. The U.S. federal cybersecurity market is currently valuated at $55 billion for the next six years (13). The protection of information and the reconnaissance of information will always be in focus. Current military programs such as the Navy’s Information Dominance program, provides us with an IT landscape that is always in preparation for the next contingency. Hacking has evolved from simple alterations in mainframes, to an equalizer that drives an entire market through its measures and countermeasures. Hacking is necessary because humanity has not changed since the inception of hacking. Most hackers, regardless of their alignment are true technology experts. There will always be malicious hackers and the security against them will continue to become more complicated, even though the advantage will always be theirs – and the answer to the question “how do I know I am being hacked?” continues to be as elusive as “how do I successfully hack a computer.” The scale of hacking is now international, as well as national and personal to an IT consumer. The natural progression of hackers vs. secure systems will continue into the future, as it has throughout the last three decades.

Sources used:
1) http://pcworld.about.net/news/Apr102001id45764.htm

2) http://edition.cnn.com/2000/TECH/computing/08/01/pentagon.at.defcon.idg/

3) http://www.defensesystems.com/Articles/2010/10/29/Pentagon-cyber-attacks-decrease.aspx

4) http://articles.cnn.com/2009-12-21/tech/cyber.challenge.hackers_1_hackers-computer-cybernetworks?_s=PM:TECH

5) http://www2.fiu.edu/~mizrachs/hackethic.html

6) http://www.wired.com/threatlevel/2007/07/investigative-r/

7) Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing.

8) http://en.wikipedia.org/wiki/Hacker_(computer_security)                                    

9) http://www.usatoday.com/tech/news/computersecurity/hacking/2008-01-07-good-hackers_N.htm

10) http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking

11) http://www.junauza.com/2010/12/top-10-most-infamous-black-hat-hackers.html

12) http://arstechnica.com/apple/news/2011/01/goatse-security-trolls-were-after-max-lols-in-att-ipad-hack.ars

13) http://www.marketresearchmedia.com/2009/05/25/us-federal-cybersecurity-market-forecast-2010-2015/

Social Technology as a Reflection of the Idiosyncracies of Humanity

Currently, in any service that allows for user-generated content, there is a reward system set up to encourage member participation. Social engineering, or more bluntly, how to manipulate human behavior, is changing the way we communicate. In the past decade we've managed to ditch the idea of exchanging ideas through meaningful conversation, to adopt an exchange of statuses. Instant messaging, microblogging, emails, texts, and blogs keep us informed either directly or indirectly. There is no control of the quality of information.

Changes in our society and our culture have been equally drastic. For example, entire communities are based on ideas. From Anonymous to the Obama campaign, these organizations perpetuate a level of expression and existence that is without consequences and limitation. Free speech, taken to certain extreme levels that force the general public to adapt in order to stay as an active member of society. The questions that need to be addressed is how can we control our own consumption, and how do we stay safely informed in cyberspace without becoming addicted given the current speed of communication. 

Communicating through technology has now become our main way of fulfilling a basic need of interacting with other people. Social networking, as an outcome of social engineering, is an outlet of humanity that is untamed and largely unregulated. We can act anonymously without consequence, and with our names online we invite technology to become a pervasive part of our lives. This "grid" of users then becomes the largest goldmine in history. Artificial experiences substitute real life experiences. Artificial achievements substitutes real life achievements. The cyber-physical conditioning is gradual and ultimately leads to physical, mental, and spiritual depravity.

Considering the exponential growth of the major services we use, perhaps can curb consumption but not the actual trend. Defining adoption, adaptation, and addiction is an idiosyncrasy that depends on the demographic. As much as there are real consequences to changing the way we communicate, there are also real benefits. Just as virtual goods can have real value, virtual experiences can also have real-world value if we accept it as a supplement instead of a standard.