Xochimilco at sunrise

I got a chance to show up at Xochimilco in the dark, ride a boat to a farm and watch the sun rise over an active volcano. (Xochimilco is a series of canals built by the Aztecs in what used to be a lake but which is now Mexico City.) What an experience!

"Black devils" roam Oaxacan town during Fat Tuesday

One of our friends in Oaxaca surprised us by taking us to a restaurant called Almú in the tiny and remote town of San Martín Tilcajete in the Oaxaca Valley. 

As we drove through town, our car was blocked by dozens of men and boys dressed like devils and painted black pretended to rampage through the town as part of how Oaxaca celebrates carnival. It's a tradition called the "La Danza de los Diablos" or "Dance of the Devils," a name coined by Spanish missionaries. I got out and took a few pictures. 

When the Spanish first came to Oaxaca in the 16th Century, Zapotecs (the main indigenous ethnic group in Oaxaca) tried to scare them away by painting themselves black and acting like monsters. 

It's part of Zapotec tradition since before the Spanish arrived. The black "paint" is made with cooking oil mixed with charcoal. Many also paint their faces white, red, or black. 

Until recently, only men and boys participated, but a few years ago a few women and girls started joining in. 

Traditionally they wore shells around their waists to make a racket while running around town. Nowadays, they use bells. They try to scare people, and, if they can they wipe some black coloring on the faces of women and girls -- the "kiss of the devil," a way of flirting with them.

The tradition has variants around Oaxaca, but it's particularly strong in San Martín Tilcajete, and the town is locally famous for it. 

Also: There's drinking involved. As we drove through the town after our four-hour lunch, some of those devils were conspicuously hammered. 

Phrase of the moment: "metaverse winter"

Derek Robertson penned a piece for Politico that describes the current "metaverse winter." After an initial surge in excitement and investment, some of the companies who would bring the "metaverse" into mainstream acceptance are cutting funding and laying off workers, further delaying the arrival of widespread VR, AR and XR.

GlobalData Thematic Research by Verdict used the phrase in a January 20 report in which they said the "metaverse winter" is an opportunity for businesses to restrategize. GlobalData also trotted the phrase around in various interviews and press releases, claiming that the "metaverse winter" is being caused in 2023 by "cooling interest, economic obstacles, and the immaturity of enabling technologies."

The "metaverse winter" of 2023 was predicted by Dataquest in November of 2022. 

An even earlier reference to the phrase appeared in September of 2022 by a crypto enthusiast and blogger named xuanling11, who claimed that the "Metaverse Winter is So Cold."

Also in September of last year, a Turkish publication claimed that Turkey was going through a "metaverse winter" because Turks has stopped buying up real estate in VR, for the most part.

Blame richer foreigners: Welcome to the new nativism

In the fifth season of the TV series, “Yellowstone,” protagonist John Dutton makes a speech, having been newly elected as governor of Montana, in which he promises Montanans that he will use his power to disincentivize wealthy outsiders from New York and California from coming to the state, buying up vacation properties, creating demand for airports and resorts and generally driving up the cost of living.

A similar sentiment is cropping up around the world, in which urban locals blame foreign tourists and digital nomads and Airbnb for the rising cost of living and rising rental costs.

We first heard this sentiment from residents of Mexico City, where some feel gringos are showing up in unprecedented large numbers, spending lots and lots of money and driving up the cost of living.

Now Portugal is enshrining this idea into law, banning new Airbnb properties, revoking their Golden Visa program and generally seeking to disincentive wealthier outsiders from coming to the country and driving up the cost of living for the Portuguese.

I fear this idea will spread globally as people in the post-pandemic era travel more, work abroad more, and seek out more exotic vacations, workstations and temporary residencies.

The fact is that when foreigners with money to burn show up in large numbers in any place, there are winners and losers. They boost employment. They might as well be dropping hundred dollar bills from helicopters. They drive up home valuations for those who own homes. At the same time, they drive up rental costs for those who don’t own homes And they drive up the price of going to some restaurants and some bars, and using some other services for locals, whose income has not increased to accommodate the rising cost of living. 

There are winners and losers. But for the most part, these locations benefit. The reason is that foreigners take their money from abroad, and they spend it in the countries where people are complaining. More money means more employment, more tax revenue to improve local services are in general make things better.

It’s no coincidence that these notions are cropping up in an era of inflation. As I travel around the world, I’ve noticed inflation everywhere. But everywhere you go locals have a local reason why they think global inflation is taking place. 

I fear that if local regulations in places like Portugal succeed in reducing the number of foreign visitors, they’ll find themselves with all the inflation and all the rising costs of living, but with fewer jobs to pay for it all.

Inflation is global and to assign a local cause to it is mostly misguided.

In any event, a new nativism is taking hold, and it’s going to seriously impact Wii, global travelers, digital nomads, and remote workers.

The things bosses are doing to boost productivity are killing productivity

In the era of remote work, bosses are worried about lazy employees slacking off. And so they're forcing workers to come into the office or deploying surveillance software to track their every keystroke and mouse movement at home. 

New research shows, however, that these actions are precisely what make employees WANT to slack off and "steal time" from their employers. 

The evidence is clear: The best way to drive productivity is to let employees work when and where they want, and to trust them

The Silk Road marketplace saga was one of the most bonkers tech stories of our time

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services -- mostly illegal drugs -- using Bitcoin. The creator ended up with a life sentence in prison. But before the feds shut it down, someone stole bitcoin from the site. And by the time they found it in the floor of the hacker's house, that bitcoin was worth $3.3 billion!

Here's the incredible story of the Silk Road marketplace.

Zero trust in plain English

Everybody's talking about the zero trust security model. And there's a very good reason for that: It's one of the most effective cybersecurity approaches ever invented. Zero trust takes a “default deny” security posture. It uses microsegmentation and least privileged access principles to stop intruders. But what does all this mean? Here's why zero trust works when everything else fails in terms everybody can understand. 

The one real problem with synthetic media

Real life comes at you fast. Fake life comes even faster.

Content creators, marketers, company bloggers, and others are rushing to take advantage of the new synthetic media trend.

AI-generated synthetic media is arguably the most exciting realm in technology right now. Some day, it will transform business. But for now, it’s a legal third rail you should avoid. Here's why

Twitter is the new poster child for failing at compliance

All companies have to comply with privacy and security laws. They must also comply with any settlements or edicts imposed by regulatory agencies of the U.S. government.

But Twitter now finds itself in a precarious position and appears to be failing to take its compliance obligations seriously. The case is a “teachable moment” for all organizations, public and private.

The cybersecurity takeaway from Twitter’s verification chaos

On Twitter, a notable person verifies who they are, and now they’re verified for all time (or until a billionaire buys the service and changes the verification policy). Whether verified or not, Twitter users must authenticate themselves with passwords and phone numbers.

Verification usually happens one time in any given system. Authentication is a repeated act to demonstrate that the person accessing something is, in fact, the person previously verified. Verification is: “Here’s proof that Mike Elgan is a specific person.” Authentication is: “The person attempting to gain access to a system is, in fact, specifically the previously verified Mike Elgan.” 

Like Twitter, organizations of all types need both verification and authentication.

Reframing our understanding of remote work

It's time to retire the stale old narratives about remote work, hybrid work, and flex work.

Is remote work temporary or here to stay? Are remote workers goofing off or more productive? Is hybrid work a compromise between employees who want remote work and managers who do not?

These questions are obsolete.

Remote and hybrid work, in fact, are here to stay.

So the only remaining question (which isn't asked often enough) is: How do we make remote work perform best — for ourselves and our organizations?

How posture management prevents catastrophic cloud breaches

We’ve all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration.

Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall.

Could a proper configuration have prevented that breach? Absolutely. But the problem isn’t as straightforward as a single error enabling a specific attack since many organizations have massive numbers of misconfigurations.

The difficulty is finding and fixing all the configurations which constantly arise because of dynamic and complex cloud activity. As time goes on, it’s increasingly clear that the challenge must be met with good cloud security posture management.

ChatGPT: Finally, an AI chatbot worth talking to

AI chatbot experts are all talking about — and talking to — a newish research project from artificial intelligence research organization OpenAI. It’s called ChatGPT.

It was only this last summer when DALL-E 2 took the world by storm and transformed the public’s understanding of what’s possible with AI art. I believe ChatGPT will make a much bigger impact, because its results are far more useable and useful to a wider range of people.

Inside the second White House Ransomware Summit

Ransomware is a growing, international threat. It’s also an insidious one.

The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public.

In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline attack and the attack on US meatpacking company, JBS — proved that this threat could no longer be ignored. In fact, American financial institutions lost $1.2 billion in costs associated with ransomware attacks in 2021, according to data reported by banks to the U.S. Treasury Department.

Incidents are on the rise, ransoms are on the rise, and the world has finally had enough. And so last year, the White House launched an initiative to attack the problem. Here's what happened. 

It's time to talk about productivity again

Remember when everybody used to obsess over productivity? That conversation has fallen out of fashion in recent years. But it's time to bring it back.

The reason is that productivity crashed this year.

A productivity decline in the second quarter of this year was the largest ever recorded by the Bureau of Labor Statistics. (It recovered very slightly in the third quarter.)

Changes in productivity appear to shed light on the remote work/work-from-home trends. A simplistic view is that productivity went up when more people worked from home, then crashed when many were forced to come to work again.

I'm a strong advocate for remote work, but I think this conclusion is wrong.