Confessions of the Neither Cool Nor Corporate: Treo to Tour

Inwardly, my heart sank when I read the recent SFGate discourse on the polarization between iPhone and BlackBerry users and what it says about you (in a nutshell, I read it as Cool vs. Corporate), because I knew my old Treo had broken for the last time and I was about to become an accidental and perchance reluctant early adopter of my first “cutting-edge” hardware device since the Sony Walkman — namely, the BlackBerry Tour. Thusly I heaved a big sigh and released my exclusive grip on the “neither/nor” don’t-label-me Treo world, and Became Corporate.

I had been happy with my old trusty Treo, not finding itself anywhere on the Cool to Corporate spectrum, but I had dropped it one too many times (making it a bit untrusty after all), and though I of course tried to keep using it, the shattered glass of the touchscreen posed the danger of lacerating my face whenever I answered the phone.  Plus, it stopped working, there’s that.

My Last Treo


After a brief odyssey through a number of refurbished Treos, each mysteriously breaking in some other essential way, my enormously patient gadget-queen wife arranged to upgrade me to a BlackBerry Tour.  It arrived to me *the day of its release* — and she even heroically fought through apparently known BlackBerry/Mac issues and synched it for me while I was bathing and reading to our daughter that night.  And I promptly began my odyssey.

For all my online complaining about the difficulty in shifting smartphone paradigms — going from something so familiar and ubiquitously used to the “who moved my cheese” experience of misplaced keys is akin to the electric Kool-Aid acid test on unwitting lab rats — I actually did pretty well just playing around without (of course) even cracking the handy Getting Started guide (which I did AFTER I switched my BlackBerry off — at least I think I switched it off — that is, I’m not sure why I have to switch it off coming from the land of the nearly-always-on, insta-response Treo).

My New BlackBerry


After trying to use the device like a Treo — which meant using a sub-standard mobile Web browser to launch minimal mobile Web applications in the place of all those Cool and/or Corporate device-native cutting-edge applications such as bubble pop or whatever (does anybody even write applications for the Treo – anymore?) with a nevertheless comprehensible keyboard and near instant response in the applications (I had lived in m.facebook.com and m.twitter.com) — I finally was assimilated and downloaded the respective device-proper applications such as Facebook for the BlackBerry, ÜberTwitter, and Gmail for the BlackBerry.  I even pined unsuccessfully for blip.fm for the BlackBerry and learned I was not alone.  I learned to swim in the floaty interface as best I could, and I tweeted with my geo-location.  I even stopped — momentarily — trying to touch the touchscreen to get it to do things and let go of “Liking” on Facebook. And lapsed briefly into brickbuster (or whatever it is).

So I should hardly rant, and I hate to rant, but I’m going to rant.  After two weeks now, these things still drive me to absolutely NUTS:

  • Where ARE my text messages anyway? On the Treo, it was simplicity itself — it merited a special key, and it was simply SMS — simply threaded, simply reply-able, simply alerting and lighting up the device with the incoming messages themselves.  Not so on the BlackBerry, apparently.  If I can even tell apart the multiple BlackBerry messaging options.
  • And please by the way don’t make me register YET ANOTHER email address!
  • Somehow, at least by default, the nature of “alerting” on the BlackBerry levels text and email messages in the same playing field — and this is not what I want! (Think of all my BlackBerry friends I pestered the first few days, freaked out that my phone was ALWAYS vibrating! “WHY, why does it do that?”)
  • I can’t use trackball as insertion cursor effectively.  Can anyone? The trackball motion also skips and messes me up in brickbuster!
  • Who Moved My Keys!? Especially the questionmark and period!
  • Most disturbingly, why do my wrists hurt?
223K and still ticking


I’ll probably become second-nature with this strange new device soon and maybe I’ll even start to feel like it makes me seem Obamalike instead of corporate and conservative.  Maybe I’ll even feel like it’s highly featured and grow to wonder how I ever got along without it.  Not yet.

The first morning after, I awoke from dreams about trying to use the dang device.  I was trying to learn to use the trackball *just right* (ahem) to roll the umlauts over the “U” in UberTwitter.  Plus, my hand hurt.

I guess now a new car to replace my 223K-mile car can’t be too far.  Please just don’t let it be a corporate car.  Unless it’s also a fuel-efficient yet powerful RACECAR!

Twitter, TechCrunch, and Hacker Croll: No Sacred Clouds?


Twitter Confidential: Image from TechCrunch

This week, while a fascinating story plays out in the cloud between cloud-based Twitter, journalists on TechCrunch, and a hacker named Hacker Croll, I ponder the future. A password can be usably convenient if easy to remember, but can also be easily hacked — which apparently kicks off this whole story, which led to TechCrunch publishing sensitive Twitter information including revenue forecasts and downright inspirational business plans.

As a result, I not only ponder, but dream about a truly fictional fantasy future in which all business plans are open-sourced, nobody has any reason to hide in secrecy and fear, and competition-of-the-fittest has evolved into a new kind of collaboration in general.

Ah, but then I wake up. In the meantime, I recount this story in three phases (each phase has its own particular set of idiosyncrasies), then frame what I think are some highly relevant resultant questions below.

Part I: Breach — Hackers: So understood, they’re almost rendered blameless?

April 29: Hacker Croll boasts how he/she hacked Twitter on an online forum

April 30: Twitter reports unauthorized access and talks about updated security

May 1: PC World reports on this and first names Hacker Croll:

Hacker Croll claimed to have accessed Goldman’s Twitter password by first gaining access to his Yahoo account. “One of the admins has a yahoo account, i’ve reset the password by answering to the secret question. Then, in the mailbox, i have found her [sic] twitter password,” Hacker Croll said Wednesday in a posting to an online discussion forum. “I’ve used social engineering only, no exploit, no xss vulnerability, no backdoor, np sql injection.”

Part II: Publication — A question of ethics?

July 14: TechCrunch gets into the game with a report on the hacking. As Twitter co-founder Evan reported to TechCrunch:

Some notes:
– He did not actually gain access to my @ev Twitter account (or any Twitter accounts) nor any administrative functions of the site.
– There is also no evidence that he gained access to my email. There was one administrative employee who’s email was compromised, as was my wife’s Gmail account, which is where he got access to some of my credit cards and other information.
– He also successfully targeted a couple other employees personal accounts (Amazon, AT&T, Paypal…)

July 14: TechCrunch’s Michael Arrington discloses that Hacker Croll has sent them the stolen information. Seemingly finding himself in a dilemma, he admits spending most of the evening reading through the various docs – including personal emails, business plans, and floorplans, and apparently trying to figure out whether it’s ethical to publish them.

Despite his apparent dilemma, he decides:

There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us. But a few of the documents have so much news value that we think it’s appropriate to publish them.

July 14: TechCrunch publishes its first expose, unveiling plans for a Twitter Reality TV Show

The whole pitch deck is published, with Arrington dismissing his ethical dilemma thusly:

I can’t imagine even Twitter cares that we’re posting this pitch deck from Through Eyes Productions that outlines the idea for a reality television show called Final Tweet.

July 15: TechCrunch publishes the big bomb: Twitter’s financial forecast including revenue and growth. Twitter (of course) and the rest of the blogosphere go wild with the news.

Arrington opens this post apparently in concert with Twitter’s lawyers:

Our negotiations with Twitter (or rather Twitter’s lawyers) over our intention to publish a small subset of the 310 hacked confidential documents continue. We published the first document, a pitch for a reality television show called Final Tweet, earlier this morning.

July 15: TechCrunch dings Twitter for using an obviously guessed password (“password”).

The author deduces that this is an indication of Twitter’s lax security in general:

Twitter co-founder Biz Stone, responding to our email, said “this bug allowed access to the search product interface only. No personally identifiable user information is accessible on that site.” Although no user accounts were compromised or accessible, the vulnerability speaks to a greater culture of lax security at the startup, and may be indicative of how earlier breaches possibly occurred.

Part III: Aftermath — What really happened here? Where do we go next?

July 15: Arrington reacts to the rapidly trending response.

Calling it “Ethics 101,” the rationale goes like this:

Let’s put aside the highly sensitive documents that we aren’t going to publish, but which will likely end up on the Internet anyway. We’re not going to post that information whether we have the legal right to or not. No discussion is needed.

Other key and intriguing excerpts:

We publish confidential information almost every day on TechCrunch. This is stuff that is also “stolen,” usually leaked by an employee or someone else close to the company, and the company is very much opposed to its publication. In the past we’ve received comments that this is unethical. And it certainly was unethical, or at least illegal or tortious, for the person who gave us the information and violated confidentiality and/or nondisclosure agreements. But on our end, it’s simply news.

It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. We’ve been sitting in the office for eight hours now debating what the right thing to do is in this situation. We’ve spoken with our lawyers. We’ve spoken with Twitter. And we’ve heard what our readers have to say. All of that factors in to our decision on what to post or not to post.

Arrington’s bottom line:

Hopefully the embarrassing and sensitive stuff about individual employees will never see the light of day. And hopefully this situation will encourage Google and Google users to consider more robust data security policies in the future.

July 15: Word from Twitter: “Twitter, Even More Open Than We Wanted.”

From Twitter’s side of the story:

This attack had nothing to do with any vulnerability in Google Apps which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. In fact, around the same time, Evan’s wife’s personal email was hacked and from there, the hacker was able to gain access to some of Evan’s personal accounts such as Amazon and PayPal but not email. This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.

And finally, though hardly the last word in this story, two from today, July 16:  TechCrunch: Twitter’s Internal Strategy Laid Bare: To Be “The Pulse Of The Planet” – in which the story gets really interesting and the business plan sees some startling, and even inspiring — despite its origins — light of day, and from Twitter: Someone Call Security, in which Twitter once again reiterates how this happened and talks about their commitment to security.

Most important in the aftermath is the opportunity for questions — and for addressing these questions — this has offered us. This bears a lot of relevance for any kind of online interaction (and thus rapidly just about any business model) going forward. Among the questions in my mind, none of which are clearly settled, about which I welcome your opinions:

  • What does it mean for the cloud?
    I’d address this first with a sub-question: Does the cloud actually have the most to do with this? Yes, Twitter is hosted on the Amazon cloud. But I’ve also heard a lot about the Google cloud in this and I wonder what exactly people mean when talking about the two. As far as I understand, no Amazon cloud-based services were breached in this scenario. Passwords were guessed, and then subsequently stolen via hacking into a Yahoo (and later a Google) email account. Does this indicate a security issue specifically with Twitter, and furthermore, with the cloud?
  • What does it mean for ethics and rule of law on the Internet?
    I was tempted at least at first glance to frame this as the more important question. Is it as simple as this? Private information was at least violated – and perhaps “stolen.” If you come across stolen goods, do you resell them? Is that what TechCrunch did?
  • What does it mean for Internet identity?
    This is the greater overriding theme, I think. This is how it started out, in my understanding. Let’s just say for fun that I lived on Sesame Street growing up. When I sign up for a Yahoo email account, I choose a password and congratulate myself for not being so risky as using my childhood street name (or the name of my dog, my goldfish, or my mother’s maiden name) as my password. However, I get to answer a security question in case I forget my password – and what do I perhaps use as the answer to my security question? Sesame Street. More importantly, is that answer easily ascertainable on the Web, via clever Internet searching? Probably yes, if I ever blogged about where I grew up.  There’s the rub.

So what’s the bottom line? Do we need to all be more careful and not choose “easy” passwords and security answers (in other words, those we can possibly remember – which are also therefore easily guessed)? Or do we need to rethink passwords, online IDs, and, at the least, password recovery systems to respect privacy in a different way? Or should we never use something like Twitter “seriously”? Or all, neither, or something else entirely?
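The weakness described above, where a recovery answer such as a childhood street name can be found by searching the Web, can be tested for when the answer is enrolled. The following is an added example, not part of the original post; the function names, the `public_facts` mapping and the sample lists are assumptions constructed for illustration.

```python
import re
import unicodedata

# Constructed sample list of answers guessable without knowing the user.
COMMON_ANSWERS = {"password", "pizza", "blue", "fluffy", "smith", "main street"}
# Spelling variants an attacker would try, so the check must treat them alike.
ABBREVIATIONS = {"st": "street", "ave": "avenue", "rd": "road"}


def normalize(text):
    """Lower-case, strip accents and punctuation, expand street abbreviations."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    words = re.findall(r"[a-z0-9]+", text)
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)


def audit_recovery_answer(answer, password, public_facts):
    """Return the reasons a recovery answer is easier to guess than a password.

    public_facts is a hypothetical mapping of source label -> text already
    public about the user (profile fields, blog posts). An empty list means
    no finding.
    """
    findings = []
    norm = normalize(answer)
    if len(norm.replace(" ", "")) < 6:
        findings.append("too short to resist guessing")
    if norm in COMMON_ANSWERS:
        findings.append("on the common-answer list")
    if norm and norm == normalize(password):
        findings.append("same as the password")
    for label, text in public_facts.items():
        # Whole-word match so "art" is not found inside "party".
        if norm and f" {norm} " in f" {normalize(text)} ":
            findings.append(f"appears in public source: {label}")
    return findings


# Constructed sample data modelled on the Sesame Street scenario.
SAMPLE_FACTS = {
    "blog post": "I grew up on Sesame St. in the eighties.",
    "profile": "Lives in San Francisco",
}
```

An answer generated at random and stored like a second password produces no findings, which is the practical alternative to a memorable answer.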

Or is there reality in my dream world, moving forward, of a totally transparent world through likewise transparent, cooperative and open clouds?

One clear answer: in any case, these are questions we’ll need to address going forward.

What Year is This Again?

The news from Philadelphia today — specifically from the Valley Swim Club — is not very pretty: Pool Boots Kids Who Might “Change the Complexion”:

“When the minority children got in the pool all of the Caucasian children immediately exited the pool,” Horace Gibson, parent of a day camp child, wrote in an email. “The pool attendants came and told the black children that they did not allow minorities in the club and needed the children to leave immediately.”

Minorities not allowed? Really?

My girl went to a summer camp last week here in San Francisco. She was nervous about fitting in but the people were all great, and it turned out to be a great experience for her. I can just imagine the heartache and confusion she would have endured if others got up and left right when she walked in — if (so-called) authority figures told her she was not allowed.

Be sure to watch the video at the news link above. I wish I could take all of these kids and give them a great big hug… or at least a place to swim.
