I think driving navigation is a great thing, but the UI is all wrong. It needs to work to understand me, to see the routes I have driven with it 100 times, and only tell me when there is something unusual I need to know, not where to turn to get to my house (or telling me "You have arrived at your destination" at my driveway.) The ideal navigation system, on a commute, won't even say a word to me unless there is traffic that means I should not take my standard route. How do we make it smarter?
Tomorrow, June 8, marks the 30th anniversary of my launch of ClariNet.com. In the 1980s, there was a policy forbidding commercial use of the internet backbone, but I wanted to do a business there and found a loophole and got the managers of NSFNet to agree, making ClariNet the first company created to use the internet as a platform, the common meaning of a "dot-com."
You've probably heard the catchword in the bitcoin/crytpocurrency world of "HODL!" Based on somebody's typo, it is an encouragement to hold on to your bitcoins rather than sell them as the price ramps up to crazy levels. If you're a true believer, you will HODL. Don't cave in to the temptation and pressure to sell (SLEL?) but be sure to HODL. (Previously I wrote about the issues which occur should Bitcoin's price actually stabilize.
I've been doing some analysis of the "HODL" movement (which attempts to use social pressure to convince people to hold on to Bitcoin and other holdings, rather than taking the normal profit-taking steps after such a large appreciation.) I believe that HODL goes against what a cryptocurrency is supposed to be about, since to be valuable it has to be useful, and to be useful, people need to be using it, not holding it. I will explore this in another article next week.
I've been mulling a bit over the philosophy of law, and one concept I have been exploring is that a key to understanding a major class of immoral acts is to look at attempts to exploit flaws in human cognition and physiology. There's been a reasonable amount of scientific study of the "bugs" in the way humans think by economists, game theorists and psychologists, and while some of the bugs are debatable, some are fairly undisputed. This might help build moral codes.
Nobody wants to be the first person to do or say a risky thing. One recent example of this is the revelations that a number of powerful figures, like Harvey Weinstein, Roger Ailes, Bill O'Reilly and Bill Cosby, had a long pattern of sexual harassment and even assault, and many people were aware of it, but nobody came forward until much later.
People finally come forward when one brave person goes public, and then another, and finally people see they are not alone. They might be believed, and action might be done.
Eleven years ago, I proposed a system to test radical ideas, primarily aimed at voting in bodies like congress. The idea was to create a voting system where people could cast encrypted votes, with the voter's identity unrevealed. Once a majority of yes votes were cast, however, the fragments of the decoding key would assemble and the votes and the voter identities could be decoded.
This would allow, for example, a vote on issues where a majority of the members support something but few are willing to admit it. Once the total hit the majority, it would become a passed bill, with no fear in voting.
I still would like to see that happen, but I wonder if the approach could have more application. The cryptographic approach is doable when you have a fixed group of members voting who can even meet physically. It's much harder when you want to collect "votes" from the whole world.
You can easily build the system, though, if you have a well trusted agency. It must be extremely trusted, and even protected from court orders telling it to hand over its data. Let's discuss the logistics below, but first give a description of how it would work.
Say somebody wants to make an allegation, such as "I was raped by Bill Cosby" or "The Mayor insisted I pay a bribe" or "This bank cheated me." They would enter that allegation as some form of sworn legal statement, but additional details and their identity would be encrypted. Along with the allegation would be instructions, "Reveal my allegation once more than N people make the same allegation (at threshold N or less.)"
In effect, it would make saying "#metoo" have power, and even legal force. It also tries to balance the following important principles, which are very difficult to balance otherwise:
- Those wronged by the powerful must be able to get justice
- People are presumed innocent
- The accused have a right to confront the evidence against them and their accusers
How well this work would depend on various forms of how public the information is:
- A cryptographic system would require less (or no) trusting individual entities or governments, but would make public the number of allegations entered. It would be incorruptible if designed well.
- An agency system which publishes allegation counts and actual allegations when the threshold is reached.
- An agency system which keeps allegation counts private until the threshold is reached.
- An agency system which keeps everything private, and when the threshold is reached discloses the allegation only to authorities (police, boards of directors).
There are trade-offs as can be shown above. If allegations are public, that can tell other victims they are not alone. However, it can also be a tool in gaming the system.
The allegation must be binding, in that there will be consequences for making a false allegation once the allegations are disclosed, especially if the number of existing allegations is public. We do not want to create a power to make false anonymous allegations. If it were public that "3 people allege rape by person X" that would still create a lot of public shame and questions for X, which is fine if the allegations are true, but terrible if they are not. If X is not a rapist, for example, and the threshold is high, it will never be reached, and those making the allegations would know that. Our system of justice is based important principles of presumption of innocence, and a right to confront your accusers and the evidence against you.
Our videoconferencing tools have been getting better, but meetings with remote video participants still don't work very well. One problem is poor use of the technology (such as a lack of headsets) which I outlined in my guide to room based video meetings. These can be worked on and the tech keeps improving.
The other big area for improvement is the discipline of the people in the meeting. The big challenge in typical meetings is that some of the participants are 2nd class. This is obvious when you have a meeting room with multiple local people and some remote users. It can also happen when people have differing levels of technology. In an ideal meeting, everybody in the meeting is on the same footing as far as their presence and ability to communicate. In addition, everybody should be as fully engaged with the meeting as if they were in a single olde-tyme meeting room.
We break this rule often. It is quite common to have remote attendees turn off sending video, or mute their audio, for example, making them be more like a TV audience than members of the meeting. It makes sense because it saves bandwidth, and people don't like being watched. We also tolerate having some people present just on the phone, while others are there in person and others are on low and high quality video systems.
If you hope for a good meeting, you also want to express that the main value of the conferencing system is to let people attend without travel. It is not there to let them attend without the same effort and engagement they would put into a meeting they did travel to. The things I describe may seem minor, and they may veto features of great convenience, but those features are actually bugs and disrupt meetings more than people realize.
Here are some principles to get around this:
No meeting room
In an ideal video meeting, everybody is on their own personal video station. There is no meeting room. This means that even if several of the attendees are in the same building, they don't go to a room, they stay at their desks and join the meeting just like any other remote.
This is obviously hard to do if the majority of participants are in the building, but it can be worth it. It also means you don't need room-based videoconferencing systems, which are expensive and don't work well. But if only 2 or 3 of the participants are in the same place, definitely consider having no meeting room. The big benefit is that when everybody has their own microphone, everybody hears everybody really well.
Today you can't have people in the same room using their own computer because they hear the other people both via their headset and through the air. Perhaps some day a smart videoconferencing system will understand that some people are in the same room (you can tell because some sounds do get into the microphones) and adjust. It would allow those who still want a physical meeting room to get the great audio and video that comes from everybody using their own computer and headset. Those in the room together would still be higher-level participants, but remotes would not be that badly off.
Headsets at all times
We have gotten seduced by how well some voip systems handle speakerphone mode in one on one conversations. Don't be fooled. They don't do group meetings well at all. They seem like they do, but quickly you realize that now everybody hears all the random noises from the location of a speakerphone user. They do things like step away from their desks to eat, chat or take a phone call, and everybody hears it. Keyboards and mice clickety-clack. Sirens go by. It's easy to ignore this in a one on one call, but it disrupts a meeting.
Everybody should have off-site backup of their files. For most people, the biggest threat is fire, but here in California, the most likely disaster you will encounter is an earthquake. Only a small fraction of houses will burn down, but everybody will experience the big earthquake that is sure to come in the next few decades. Of course, fortunately only a modest number of houses will collapse, but many computers will be knocked off desks or have things fall on them.
To deal with this, I've been keeping a copy of my data in my car -- encrypted of course. I park in my driveway, so nothing will fall on the car in a quake, and only a very large fire would have risk of spreading to the car, though it's certainly possible.
The two other options are network backup and truly remote backup. Network backup is great, but doesn't work for people who have many terabytes of storage. I came back from my latest trip with 300gb of new photos, and that would take a very long time to upload if I wanted network storage. In addition, many TB of network storage is somewhat expensive. Truly remote storage is great, but the logistics of visiting it regularly, bringing back disks for update and then taking them back again is too much for household and small business backup. In fact, even being diligent about going down to the car to get out the disk and update is difficult.
A possible answer -- a wireless backup box stored in the car. Today, there are many low-cost linux based NAS boxes and they mostly run on 12 volts. So you could easily make a box that goes into the car, plugs into power (many cars now have 12v jacks in the trunk or other access to that power) and wakes up every so often to see if it is on the home wifi, and triggers a backup sync, ideally in the night.
I frequently say that there is no "internet of things." That's a marketing phrase for now. You can't go buy a "thing" and plug it into the "internet of things." IoT is still interesting because underneath the name is a real revolution from the way that computing, sensing and communications are getting cheaper, smaller and using less power. New communications protocols are also doing interesting things.
We learned a lesson on Friday though, about why using the word "internet" is its own mistake. The internet -- one of the world's greatest inventions -- was created as a network of networks where anything could talk to anything, and it was useful for this to happen. Later, for various reasons, we moved to putting most devices behind NATs and firewalls to diminish this vision, but the core idea remains.
Attackers on Friday made use of growing collection of low cost IoT devices with low security to mount a DDOS attack on DYN's domain name servers, shutting off name lookup for some big sites. While not the only source of the attack, a lot of attention has come to certain Chinese brands of IP based security cameras and baby monitors. To make them easy to use, they are designed with very poor security, and as a result they can be hijacked and put into botnets to do DDOS -- recruiting a million vulnerable computers to all overload some internet site or service at once.
Most applications for small embedded systems -- the old and less catchy name of the "internet of things" -- aren't at all in line with the internet concept. They have no need or desire to be able to talk to the whole world the way your phone, laptop or web server do. They only need to talk to other local devices, and sometimes to cloud servers from their vendor. We are going to see billions of these devices connected to our networks in the coming years, perhaps hundreds of billions. They are going to be designed by thousands of vendors. They are going to be cheap and not that well made. They are not going to be secure, and little we can do will change that. Even efforts to make punishments for vendors of insecure devices won't change that.
So here's an alternative; a long term plan for our routers and gateways to take the internet out of IoT.
Our routers should understand that two different classes of devices will connect to them. The regular devices, like phones and laptops, should connect to the internet as we expect today. There should also be a way to know that the connecting devices does not want regular internet access, and not to give it. One way to do that is for the devices to know about this, and to convey how much access they need when they first connect. One proposal for this is my friend Eliot Lear's MUD proposal. Unfortunately, we can't count on devices to do this. We must limit stupid devices and old devices too.