Wednesday, November 13, 2024

What's in a name?

 The following provides some information on a security vulnerability in id.me, an identity solution that has broad adoption in the USA, including integration with the Social Security Administration and other local and national government agencies.

First, a brief primer on names and email addresses.  RFC 5321 defines the Simple Mail Transfer Protocol (SMTP) upon which email is based. Many enhancements and additions have been made around SMTP, most notably around spam protection. However, the core aspects of an email address definition and how email is sent and received are unchanged. An email address is of the form recipient@domain, where recipient is a defined series of characters, and the domain is a registered domain. A server processing email on the domain decides on eventual delivery, and provision of a 'display name'. Let's have a few examples:

  • "Michael Smith <mikesmith@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "mikesmith" on the domain gmail.com.

However, even though we know Mike is short for Michael, there's no requirement for the display name to match the recipient.

  • "Michael Smith <immaterialscience@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "immaterialscience" on the domain gmail.com

OK, so that's fairly clear that there's no relationship, but what about this?

  • "Albert Einstein <vonneumann@gmail.com>" would refer to a display name of "Albert Einstein" and a recipient of vonneumann on the domain gmail.com

Whilst this would be frowned upon from an etiquette perspective, there's nothing to prevent it from happening, because, again, there's no relationship.

Let's throw one more spanner in the works, with a specific particularity of Gmail.  Dots (periods) do not matter in Gmail addresses. That is, the following email addresses are the same (taken from the Google support article example):

  • "John Smith <john.smith@gmail.com>"
  • "Jack Smith <jo.hn.sm.ith@gmail.com>"
  • "Robert Jones <j.o.h.n.s.m.i.t.h@gmail.com>"

(Side note: this can be exceptionally problematic where punctuation changes meaning, such as for therapist@gmail.com).

With that set up, let's proceed to id.me.

The first issue is that id.me doesn't verify email address ownership. That is, an individual can use an email address not belonging to them to establish an id.me account, and id.me doesn't check. Contrast this to many well-behaved services that will send an email to the address entered and require the user to click on a link or enter a code contained in the message, to confirm ownership. id.me doesn't do this.

Next we'll combine this issue with the Gmail 'dot' peculiarity, to get the following :

Individual A signs up for id.me using "Individual A <noperiod@gmail.com>" as the email address for registration.

Individual B who owns "Individual B <no.period@gmail.com>" receives emails for this user.

Individual B can successfully reset the account for A (via email) and fully access Individual A's account.

Two additional vulnerabilities in id.me's design come to light if Individual B is a good actor and contacts id.me to attempt to correct their errors. Id.me will not allow account deletion without upload of documents (such as a driver's license) to prove identity. So, Individual B, who didn't create the account but has access to it, has no way to delete the account without uploading their PII. Finally, id.me relies on security through obscurity in that they won't disclose the 'authoritative sources' that they check the uploaded ID against.
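The missing control described above, as an added example (not id.me's code and not from the original post): a signup flow that treats dotted Gmail variants as one mailbox and refuses email-based recovery until the mailbox owner has confirmed a token sent to that inbox. `SignupService`, `canonical_mailbox` and `TOKEN_TTL` are hypothetical names, and the one-hour expiry is an assumed policy.

```python
import hashlib
import hmac
import time

TOKEN_TTL = 3600  # assumed policy: confirmation links expire after one hour


def canonical_mailbox(address: str) -> str:
    """Map an address to the mailbox that actually receives its mail."""
    local, sep, domain = address.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain == "gmail.com":
        # Gmail delivers john.smith@ and jo.hn.sm.ith@ to the same inbox.
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


class SignupService:
    """Hypothetical account store that binds an email only after confirmation."""

    def __init__(self, secret: bytes, clock=time.time):
        self._secret = secret
        self._clock = clock
        self._accounts = {}  # canonical mailbox -> {"owner": ..., "verified": ...}

    def _sign(self, mailbox: str, expires: int) -> bytes:
        msg = f"{mailbox}|{expires}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest().encode()

    def register(self, owner: str, address: str) -> str:
        """Create a pending account; the returned token is only ever emailed."""
        mailbox = canonical_mailbox(address)
        current = self._accounts.get(mailbox)
        if current and current["verified"]:
            raise ValueError("mailbox already bound to a verified account")
        self._accounts[mailbox] = {"owner": owner, "verified": False}
        expires = int(self._clock()) + TOKEN_TTL
        return f"{expires}.{self._sign(mailbox, expires).decode()}"

    def confirm(self, address: str, token: str) -> bool:
        """Mark the mailbox verified if the token is genuine and unexpired."""
        mailbox = canonical_mailbox(address)
        account = self._accounts.get(mailbox)
        expires_text, _, signature = token.partition(".")
        if account is None:
            return False
        if not (expires_text.isascii() and expires_text.isdigit()):
            return False
        expires = int(expires_text)
        if self._clock() > expires:
            return False
        # Constant-time comparison so the check leaks nothing about the MAC.
        if not hmac.compare_digest(signature.encode(), self._sign(mailbox, expires)):
            return False
        account["verified"] = True
        return True

    def can_reset_by_email(self, address: str) -> bool:
        """Email recovery is offered only for mailboxes that were confirmed."""
        account = self._accounts.get(canonical_mailbox(address))
        return bool(account and account["verified"])


if __name__ == "__main__":
    svc = SignupService(b"constructed-demo-secret")
    svc.register("Individual A", "noperiod@gmail.com")
    # Individual B's address resolves to the same mailbox, but nothing has
    # been confirmed, so no reset path exists yet.
    print(canonical_mailbox("no.period@gmail.com"))
    print(svc.can_reset_by_email("no.period@gmail.com"))
```

With this flow the confirmation message for Individual A's signup lands in Individual B's inbox, and an account nobody confirms never gains an email recovery path.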


Friday, July 5, 2024

Introducing "Quanta" to create a more balanced and valuable media ecosystem

The underlying economics for much of the web is driven by advertising. People generate data through interactions, publishers chase engagement for revenue, advertising platforms generate hundreds of billions of dollars in profit each year. I have been collaborating with Loren Kohnfelder on a number of projects, and in this area we believe that the consequences of this model have profoundly transformed web content and the way it is consumed, sacrificing civility, quality and independence for outrage, quantity and centralization. Let's consider a few different perspectives:

  1. For people, engagement is mostly centered around social networking platforms (Facebook, Instagram, TikTok, Twitter (or now "X"), Reddit etc) with a typical pattern being to locate content off-site (often from news or entertainment sites), reference and then ‘discuss’ onsite. The push to video (through TikTok, Instagram Reels, Google showing YouTube video results with high priority) is a reflection of a consumption culture, with video not only showing a longer time of engagement, but also enabling valuable video ads. The social networking platforms mentioned above are all ad-based, and so are motivated to generate engagement, measured by key metrics such as on-site time and content interaction (likes, shares, retweets, subscribes etc).
  2. In order for publishers to generate revenue (some subscriptions, but mostly ad based), they are driven to controversy (which drives engagement) and SEO optimization (so that they can appear above other similar content in searches and get picked by the social algorithm). This even devolves into content copying - a publisher with better SEO optimization can steal content from elsewhere and pass it off as its own, generating more ad revenue. This is particularly rife on YouTube, where the perpetrators will even file DMCA take-downs against the original content producer.
  3. To not risk losing eyeballs, social media platforms generally have a ‘feed’ model of some sort - a news feed or other infinite scroll list of unrelated content. This context-switch heavy model allows for new, small bursts of dopamine to be released by people as they ‘consume’ the content, the net effect being a thoughtless consumption of time that is also tiring and discourages deep thinking. Studies show that such doomscrolling is detrimental to mental health and focus, though having no content consistency or theme is actually a feature, and following/connecting with people (who contain multitudes) further supports this context switching world.
  4. Since controversy generates more revenue than civility, all advertising platforms have to solve for the user-generated-content problem, surfing the line between what is legal & acceptable in any given jurisdiction and what creates outrage. Good outrage corresponds to impressions, bad outrage leads to advertisers distancing themselves. Whilst there is some reputational risk, and some sites seek to advocate for their communities, the advertising that underwrites the platforms means that content moderation is ultimately for the advertisers' sensibilities.

In summary then, we live in a world of centralized discussion, with constantly shifting focus, all with opportunity for enraged engagement to drive controversy, as it is a proven model for all parties to maximize ad revenue (along with conflict and divisiveness). Ultimately this is a focus on quantity of engagement and impressions, not on the quality of discussion and betterment of people. One further characteristic of this centralized model is that the publishers, who spend time and money to produce the content referred to in the first place, are removed from the discussion beyond the reference to the original article, because news site comments can't compete with social. Sadly, studies show that nearly 60% of people will interact with content without even clicking through.

To solve these inequities and unhealthy dynamics, we asked ourselves the question "What happens if a post isn't just a post? What happens if a post could be both a post, and an in-situ comment to the original article?" This is a system we call "Quanta" and here's what it is and how it works.

Rather than continue the pattern of having social networks steal the conversation from publishers, we allow publishers to pull from a social network to host the relevant conversation in-situ, as a side-bar to the main article. Publishers have tried to create comment sections, mostly unsuccessfully, since the audience is poorly qualified/filtered and requires per-site registration. In Quanta, the audience is brought from the social network, and comments from the relevant audience (filtered by my network as well as using criteria that the publisher can introduce) are shown alongside the article - even alongside relevant parts of the article.

To explain how Quanta works, let's consider the following example:

Imagine a new article on The New York Times. Today, after a short period of time, the URL will be posted on social media with comments from readers. The conversation (retweets, replies etc) will all occur on the respective social media platforms.

In Quanta, a user would ‘post’ to Mastodon, or any ActivityPub based Fediverse app, quoting the URL, and Quanta would then index and organize such referring posts. In one implementation, the publisher would include comment blocks, and specify constraints/thresholds for the comments to be shown (reflecting popularity and editorial guidelines). The comment blocks would be rendered HTML (similar to how an ad slot is populated), and would be ‘passive’ in the sense that links (to favorite, repost etc) wouldn’t activate in-situ, but would (due to Same Origin Policy) send the user to the right point on the social instance. In another, more interesting, implementation, the browser could form a more opinionated view of content rendering and, with an appropriate social handle logged into the browser, render the comments in a pane next to the article.

In short, viewing the original page produces the current set of useful comments relating to the URL. All comments displayed are contextually relevant, and additionally provide a useful tool for user discovery.

A few interesting consequences of Quanta :

  1. The publisher is now getting many more page views, because that's where the conversation about the page can be readily viewed. This increase in page views will increase the ad revenue the publishers can generate. Note - we don't consider a broader question about advertising being good or bad. We just want to shift revenue, discourse and attention to those that generate the content, away from the social networks that steal that attention.
  2. The 'conversation' is now all in context. It's not about a newsfeed and context switching, but instead the conversation is focused on the topic the publisher has written about.
  3. The duration of the conversation is longer. Doomscrolling a social media feed means that many users are just surfing the last few hours of content that's new to them. On Quanta, the published document and comments (and replies to comments) are all at the same URL, waiting for the next view. Referring to the same document days, months or years later will still have the conversation in place. We believe this will drive greater accountability of the poster and also create further re-engagement for the publisher(*).
  4. Finally, we believe Quanta will provide a great follower discovery feature. All too often on social networks an interesting comment will be amplified, and in the moment the user has to make the decision "should I follow this person?" with little information (or a detour to research). In Quanta, the context is immediate, and publishers can choose to promote comments from known experts, making their work more broadly available. 

Quanta can be implemented as a Quanta server plus a browser extension. As a server, Quanta is an extension of Mastodon, as we believe the index of posts by URL should be distributed so that Quanta itself doesn't become another large centralized system that needs advertising or subscription to succeed. We also note that this seems directionally to be aligned with how Mastodon sees news integration as being important to the platform, as shown by the recently launched Mastodon byline feature.
Quanta has been shared as a concept with key browser vendors, and we firmly believe browser integration will provide the best experience.

 

Full Self Driving Fallacy (aka, ultimately it's a user problem)

 Tesla made the earliest stunning promises of Fully Self Driving cars back in 2016 and you can read a good history of full self driving and Tesla Autopilot on the Wikipedia page.

Technology predictions are notoriously hard, but I'm going to make the case here that whilst fully autonomous (often called level 5) may be possible, the Tesla execution of incrementally adding greater autonomy whilst requiring driver presence and overall responsibility (essentially vehicle autonomy levels 1 through 4) is going to fail. It will fail not for a technical reason, but for a human and social one.

Consider the following incremental 'improvements' to driving automation (I've used bullets rather than numbers so it's not confused with the defined autonomous driving levels)

  • Traffic-Aware Cruise-Control (allows you to set a desired speed but will match with slower vehicles if they’re obstructing)
  • Autosteer (which adds the ability for the car to track within lanes)
  • Navigate on Autopilot (which was introduced in the context of highway driving, getting you from on-ramp to off-ramp, crucially being able to change lanes when the driver indicates).
  • Auto Lane Change (adding the ability to automatically change lanes on highways rather than requiring driver assistance).
  • Full Self-Driving (start to end destination auto driving by the car, with success measured in the fewest number of driver interactions).

There are also some 'point' features like Summon and AutoPark which I'm not going to discuss here. Tesla have some nuances in how these capabilities have changed over time, in particular in relation to the degree to which driver attention is measured. From requiring sensors in the steering wheel to ensure hands are present (easily circumvented) to cameras tracking eyes, Tesla has recognized that in any level of autonomy under level 5, having the driver intervene is important, and therefore they want to be sure the driver is attentive.

Let's just go down the list above and consider what degree of driver attention is needed.
  • For Traffic-Aware Cruise-Control, the driver is actively steering and having to maintain an awareness of the surrounding road, nearby vehicle proximity etc. The driver is also able to pay less attention to their right foot and the pressure it's applying, with speed being kept constant and long freeway driving as well as some stop-go traffic becoming much less tiring.
  • With Autosteer added, the driver is still actively engaged in the driving process, but freed from the immediacy of lane-drift and car following range. The driver has to plan - e.g. should I overtake when my exit is coming up in 2 miles, should I pull out now to overtake, or will the faster moving vehicle behind me have overtaken by the time I reach that point. My assessment would be that driving like this is a nice balance of the car doing the drudge work of ongoing micro-adjustments of lane placement left/right and speed placement in relation to vehicles in the same lane, whilst the driver thinks more strategically.
  • Adding Auto Lane Change in theory means slightly more strategic thinking on behalf of the driver (“Do I feel like a rest stop is a good idea in a few miles, or should I wait another 20?”), but the relative speeds of vehicles, tracking of different kinds of vehicles and speed differentials for overtaking means that the car will invariably not behave as a driver would, e.g.
    • I better speed up a little to get past this truck as it’s doing 63 and I’m set for 65, but there’s a bunch of faster moving cars a mile back that will be stacked behind my long overtake.
    • I better track a little over to the left here as that truck is wide and cutting closer to me than I would like on this curve.
    • I'm going to track a little more to the right to avoid that pothole. 
    • I’m just going to hold back here for a few minutes to let that red mustang I can see way back there get by me, as I don’t want to be involved in any craziness.
What this leads to is a mismatch between the work that the car is doing vs what the driver is doing. That is - the driver is now having to plan for what they expect their car to do in addition to those around them.
  • Full Self-Driving now takes over the lion's share of the driving work, but, crucially, requires the driver to be monitoring everything and able to take over at a moment's notice if the car deems an unsafe situation has occurred, or (conversely) if the driver feels that the car is about to perform an unsafe maneuver. The driver’s role has transitioned from being fully engaged, but supported, in the driving process, to one where they are a spectator until they need to fully take over in a challenging situation that the car can’t handle.
My point of stepping through this is essentially to make the argument that once you reach a certain point of driver replacement through automation, only 100% accurate self driving is good enough at that point, since requiring driver re-engagement to troubleshoot in milliseconds is a recipe for disaster.  This seems to be borne out by some of the accident data that is coming out of NHTSA. To save you a click to the article, here's the summary :


"This analysis, conducted before Recall 23V838, indicated that drivers involved in the crashes were not sufficiently engaged in the driving task and that the warnings provided by Autopilot when Autosteer was engaged did not adequately ensure that drivers maintained their attention on the driving task. The drivers were involved in crashes while using Autopilot despite fulfilling Tesla’s pre-recall driver engagement monitoring criteria. Crashes with no or late evasive action attempted by the driver were found across all Tesla hardware versions and crash circumstances."


Unfortunately, if the metrics you measure are safe passenger miles driven by Full Self Driving, the data will lead you astray, as you will have an awful lot of miles well driven by auto-pilot, and a large number of accidents ‘caused’ by drivers after they take over.


So, my contention is that anything under full autonomous level 5 driving is going to skew to this unfortunate requirement of requiring full user attention at precisely a time when the autonomous driving is failing, all the time whilst the semi-autonomy has removed full user attention. Full autonomous level 5 driving may be feasible, since designing for the system to do everything without enabling intervention will necessarily mean availability in known tested scenarios. There are an awful lot of 'edge' cases with level 5 that will need to be ironed out.

Sunday, June 4, 2023

It's not about Ted Lasso

 Dear Jason, Brendan and Joe,

I forgive you.

With the debate and (sometimes harsh) discourse about how Season 3 of "Ted Lasso" ended, I think much of the message behind Ted's outlook has been lost. From Season 1's forgiveness of Rebecca, through Season 2's struggles with his own past, Ted and the show in general has always lifted us up with the aim of humans being able to be better to each other and to ourselves.

I know many of those fans disappointed at the ending in the season finale have dwelled on Ted and Rebecca not being romantically linked. For a show with the premise of "What if Nora Ephron wrote a sports film?" and many allusions to the soulmates and baggage that fit together that Ted and Rebecca show, it would be a reasonable expectation to see that outcome. "Ted Lasso" has often defied our expectations though, so I'm not here to be part of the Tedbecca clan. A different memory of Nora Ephron's legacy may be less in the romantic comedy of "Sleepless in Seattle" and its ilk, and more in how words can separate or draw people together. "Psychic" and "Bully" can bring two people out of their inner worlds, just as "Thank you" can just be enough to let each other go. Beyond a romantic ending, I did just have higher hopes of happiness for our leads, but hey, sometimes it is the hope that kills you, right?

I forgive you, Jason, for leaving us at the end of Season 3 with Ted back in Kansas, with Henry (for sure), but away from the family he built - from his (at least platonic) soulmate Rebecca, his best friend Willis, and the 'sons' who look up to him.  I know on a personal level your own life has some mirrors to Ted's in working abroad with your children thousands of miles away. Ted's story hit somewhat harder for me, in that in my own life, much of my children's lives growing up was spent in another country, whilst I did what work I could that would enable me to see them as often as I could. So I forgive you, Jason, for having Ted finally in Kansas with his son, even though everyone else important to him is thousands of miles away. I hope you can forgive those of us who wanted Ted and Rebecca to have it all, in return.

The problem with splitting your life between two places is that, just as with a Kintsugi bowl, the golden fissures are always visible, no matter the beauty that is present. I know the strain of carrying a critical success whilst spending time away from those you love must have been hard, but then it's also not easy having your other life move on, whilst you focus and spend time with your children.

I believe that the many unanswered questions, from Ted's own romantic happiness, to Richmond's future, are 'good' unknowns with which to tie up this part of the story. Whether you're paving the way for a Season 4 or not, I believe in you. I just hope you remember to be kind to yourselves, and if this writing serves in some way to remind others that it was never about Ted, then I believe I will have served some use.

Monday, November 21, 2022

Moving to Mastodon

 Just to say that I’ve moved off Twitter and on to Mastodon. You can find me there as tall@mastodon.social


Sunday, January 15, 2012

An Arc

The current debacle about Google introducing its Google-slanted Search Plus Your World (SPYW, presumably pronounced "Spew") is just one more step Google takes along its arc.

What's 'the arc', you ask?

It comes from a discussion I had with Charles Fitzgerald a while back, observing that certain successful tech companies follow an arc. It's a little richer than a timeline of newness & excitement through to jaded boredom. It goes something like this.

  • Found company based on a great idea and great execution.
  • As important, be lucky enough to be in the right place, at the right time, with the right backing & connections, to take off quickly.
  • Exploit an economic trend (some dramatically reducing price curve) and get products to a receptive audience.
  • Grow (as a company - # people) rapidly - introducing interesting management expansion problems (how do we scale? who do we hire? how do we retain our 'culture'?)
  • Make a ton of money and become successful
  • Keep on doing 'the right thing' for customers.
  • Make a few enemies
  • Make more money and get a lot of customers.
  • Become dominant in a market - expand into other markets, and make more enemies. Still mostly doing the right thing for customers.
  • Be threatened by a new trend that may be disruptive
  • Re-engineering your entire business to focus on the disruption, and in doing so not recognize that you just screwed your customers.
  • Leverage an existing dominant product position to gain traction against the disruption.
  • Government involvement and scrutiny
  • Competitors cry foul
  • Lawyers

In the above scenario you can insert Microsoft (Windows/Office + "Internet Tidal Wave" + Internet Explorer) or Google (Search + "Everything is Social" + SPYW).

Interestingly Google's arc is half the time period of Microsoft's. I'm assuming Facebook's will be half the time period of Google's.

Perhaps we should just rename this "Fitzgerald's law" and see if it sticks?

Wednesday, January 6, 2010

Well wishes to my dad, and free shoes for you

This is going to be about knees. I'll also give you a chance for some free shoes. But mainly about knees.

My dad is in hospital today, having knee replacement surgery. The surgery is happening in the UK, so like as not he's out by now, and I hope it's all gone well. He's only seventy-cough, and there are likely a few reasons why he needs knee replacements now. At University he was an excellent middle distance runner - used to train with Roger Bannister in his heyday, and could run the mile with the best of them. In those days, running shoe technology wasn't too advanced, and I recall him complaining on a number of occasions about how the streets of Sheffield were not kind to his achilles.

My dad returned to running in his retirement, and was doing some impressively quick times in his late sixties. He really enjoyed it - also enjoyed the new shoe technology that had come along in the 80's, which gave him much more cushioning. Unfortunately about a year ago, his knee gave way while walking along a path. Various trips to the doctors and MRI's later, and the long and the short of it is that his knees are shot and he needs replacement surgery. Given my dad's athletic history, this is hard for him, and I hope he can get back being active in some way or other after a speedy recovery. Knees are important.

I'll get to the free shoes in a moment. I need to talk about my knees next.

I have a bit of a different journey than my dad. I was 'less than athletic' at school. Overweight and would make up any excuse not to exercise. I finally started regular exercise when I was 17 and ran (mainly to decompress) regularly during University. My first marathon was when I was 21 - took me 5 hours and 35 minutes, and wasn't kind to my knees (by mile 16) or my hips (by mile 22) and had me hobbling for weeks afterwards. Given that I'm 6'7" and (was) overweight, I can only imagine the kind of pressure put on my joints at every step.

I keep on discovering that there are things we seem to do naturally that we actually need to learn. Like breathing. Or, in this case, running. In the last few years I've become a big fan of 'minimalist' running - it's been a struggle to re-learn how I run, so that I'm not jolting shock all the way through my joints, but instead, treading more softly, with greater cadence. Whether it's barefoot running, or (my preference for longer distances) in Newton running shoes, lighter and running properly is the way to go. A friend of mine referred me to Newtons, and their lightweight design, but more importantly their ability to cause you to run correctly, without striking down on your heels.

I promise I'll get to the free shoes shortly.

So with a new (and I'll admit, goofy) style of running, I now run marathons 106 minutes faster than when I was 21 - with no pain while running, and (apart from needing a little calf massage) only 1-2 days recovery, with no joint pain. I won't run distances over 8 miles in anything other than my Newtons, and am so thankful (for my knees) that my running is now so low impact.

The evidence is building for the harm big, spongy, badly supporting running shoes can do to you. I've spoken to a few people (when they ask about my garish colored shoes) about how great the Newtons are, and I keep on wincing when I hear the argument "Yes, I've heard great things about them, but I run a lot and go through a number of pairs of my Nike's, and the Newtons are really ($175) expensive."

Don't even get me started on how if you're 'going through' your running shoes, maybe that means lots of impact. Grrr.

So, in the hope that I can help at least one person to not have to go through what my father's going through today, I'd like to give you a pair of Newton running shoes. No more excuses.

Here's how it'll work. Using the power of the interwebs, I'll randomly pick someone (US or UK resident - mailing from anywhere different gets complicated) out of the next 100 twitter followers I get (I being 'tallmike'), contact you, and we'll go from there. Regular distance runners using non-minimalist shoes only please - we don't want these to languish in the garage now, do we? Oh - and this isn't some lame way to get followers - beyond tweets about my running & occasionally about my Google products, I'm fairly busy and don't say much, and feel free to unfollow as you wish. For any lawyers out there, this is not sponsored by Newton in any way, and I'm doing this solely to give you a new pair of running shoes, as provided by Newton, in your size/style. I make no claims as to whether they will help you as they've helped me - so much of this is up to you. If you go out, fall over or otherwise injure yourself, that'd be what we call "your problem". You'll need to figure out your style (neutral or stable), and would likely be best if you took video of you running to figure it out right. If you live in Seattle/San Francisco or the UK, I reserve the right to deliver in person. If you live in Seattle, these guys have been really nice to me, and have the technology to do the video thing.

Phew. That's enough for now. Here's to wishing my dad a speedy recovery, and hoping you start 2010 with a plan to run differently. Me? I'm off to work out what else we're doing wrong and I should re-learn - oh, and run a little more.