Twitter is the new poster child for failing at compliance

All companies have to comply with privacy and security laws. They must also comply with any settlements or edicts imposed by regulatory agencies of the U.S. government.

But Twitter now finds itself in a precarious position and appears to be failing to take its compliance obligations seriously. The case is a “teachable moment” for all organizations, public and private.

The cybersecurity takeaway from Twitter’s verification chaos

On Twitter, a notable person verifies who they are, and now they’re verified for all time (or until a billionaire buys the service and changes the verification policy). Whether verified or not, Twitter users must authenticate themselves with passwords and phone numbers.

Verification usually happens one time in any given system. Authentication is a repeated act to demonstrate that the person accessing something is, in fact, the person previously verified. Verification is: “Here’s proof that Mike Elgan is a specific person.” Authentication is: “The person attempting to gain access to a system is, in fact, specifically the previously verified Mike Elgan.” 

Like Twitter, organizations of all types need both verification and authentication.

Reframing our understanding of remote work

It's time to retire the stale old narratives about remote work, hybrid work, and flex work.

Is remote work temporary or here to stay? Are remote workers goofing off or more productive? Is hybrid work a compromise between employees who want remote work and managers who do not?

These questions are obsolete.

Remote and hybrid work, in fact, are here to stay.

So the only remaining question (which isn't asked often enough) is: How do we make remote work perform best — for ourselves and our organizations?

How posture management prevents catastrophic cloud breaches

We’ve all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration.

Many big cloud security catastrophes result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall.

Could a proper configuration have prevented that breach? Absolutely. But the problem isn’t as straightforward as a single error enabling a specific attack since many organizations have massive numbers of misconfigurations.

The difficulty is finding and fixing all the misconfigurations that constantly arise because of dynamic and complex cloud activity. As time goes on, it’s increasingly clear that the challenge must be met with good cloud security posture management.

ChatGPT: Finally, an AI chatbot worth talking to

AI chatbot experts are all talking about — and talking to — a newish research project from artificial intelligence research organization OpenAI. It’s called ChatGPT.

It was only this last summer when DALL-E 2 took the world by storm and transformed the public’s understanding of what’s possible with AI art. I believe ChatGPT will make a much bigger impact, because its results are far more useable and useful to a wider range of people.

Inside the second White House Ransomware Summit

Ransomware is a growing, international threat. It’s also an insidious one.

The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public.

In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline attack and the attack on US meatpacking company, JBS — proved that this threat could no longer be ignored. In fact, American financial institutions lost $1.2 billion in costs associated with ransomware attacks in 2021, according to data reported by banks to the U.S. Treasury Department.

Incidents are on the rise, ransoms are on the rise, and the world has finally had enough. And so last year, the White House launched an initiative to attack the problem. Here's what happened. 

It's time to talk about productivity again

Remember when everybody used to obsess over productivity? That conversation has fallen out of fashion in recent years. But it's time to bring it back.

The reason is that productivity crashed this year.

A productivity decline in the second quarter of this year was the largest ever recorded by the Bureau of Labor Statistics. (It recovered very slightly in the third quarter.)

Changes in productivity appear to shed light on the remote work/work-from-home trends. A simplistic view is that productivity went up when more people worked from home, then crashed when many were forced to come to work again.

I'm a strong advocate for remote work, but I think this conclusion is wrong.

What is it about Provençal cuisine that makes it so irresistible?

Great farmers, highly skilled chefs, a long tradition of country cooking, a brilliant Mediterranean fishing coastline in the South of France, the world’s greatest farmland and the double influences of French cooking specifically, and Mediterranean cooking generally. And truffles! 

Provence is also one of the world’s great wine countries. 

Like Italian and Greek food culture, Provençal gastronomy is a “cuisine du soleil,” a profoundly Mediterranean cuisine based on seafood, olive oil, beans, herbs and plenty of vegetables. 

Provence dishes favor the world’s tastiest lamb; most amazing produce like tomatoes, cherries, berries and more; a delicious salmon-looking trout called the Sorgue trout; and many other incredible ingredients. 

But it’s also specifically French, with the world’s greatest cheese, wine and bread.

But here's why the food of Provence is so amazing

I'm on TWiG!

Don’t miss This Week in Google, with hosts Leo Laporte, Jeff Jarvis, Ant Pruitt and guest: Me! Watch here now.

We talk about the FTX celebrity fallout, Elon Musk’s Twitter blunders, the end of Protocol, the Swifty Ticketmaster crunch, all manner of Mastodon matters, Amazon layoffs, narcissistic billionaire troubles, the fate of Evernote, birdsong, NASA’s moon launch, Google Wallet on Fitbit, Android Auto and more!

Subscribe to TWiG.

Get the show notes, download, associated links and more.

Get episodes ad-free by joining Club TWiT!

How the DNSChanger shutdown changed cybersecurity

On the morning of July 9, 2012, the world braced for an “internet doomsday”: a full-scale crash of the global internet.

Except it didn’t happen. And that non-event represented the culmination of a long and successful coordinated action taken between a huge number of organizations, spearheaded by the FBI.

It was one of the most remarkable operations in the history of cyber crime, and it led to lasting changes in how professionals think about and defend against malicious cyberattacks. 

Here's how the DNSChanger malware reaction changed cybersecurity forever. 

Why are cloud misconfigurations still a major issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe.

With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And so the question arises: Are your organization’s misconfigured cloud resources being advertised to malicious hackers?

How ‘synthetic media’ will transform business forever

The biggest technology-driven trend to affect business in the coming years is synthetic media. Yet this phrase is rarely even uttered in boardrooms and on Zoom meetings.

It’s time to clarify what synthetic media is, and why it’s going to be so impactful.

Synthetic media is any kind of video, pictures, virtual objects, sound or words that is produced by, or with the help of, artificial intelligence (AI). This category includes deepfake content, text-prompted AI-generated “art,” virtual content in virtual reality (VR) and augmented reality (AR) environments, and other new content types.

Many synthetic media tools started as obscure academic research or limited-beta online playthings. But synthetic media is now on the brink of making a colossal splash in business, marketing, media and, well, human culture.

How colossal? In the book “Deepfakes: The Coming Infocalypse,” author and synthetic media analyst Nina Schick estimates that some 90% of all online content may be synthetic media within four years.

Here's why media is going synthetic

Digital nomad pro tip: Don't skimp on a backpack!

My backpack failed me in the worst way. The zippers failed at the Marseille Airport rental car lot. The backpack was less than a year old. 

In October of last year, I bought the Endurax Camera Drone Backpack. I liked it because it had a flat drone launching pad, a rain-proof cover, lots of space and cost only a hundred bucks on Amazon.

Big mistake. 

The front panel, which exposed the entire innards of the backpack, closed with two zippers, which met in the middle. 

Some months ago, one of the zipper's sliders slipped off the "teeth" or "chain" of the zipper. It was inconvenient, but I kept using it with the other zipper. 

Then, a couple months ago, the second zipper slipped off as well. I had to carry the backpack horizontally with both arms in front of me to the rental car. (I understood the possibility of using pliers to re-connect the sliders. But I had lost faith in the zipper.)

Once we arrived at our apartment in Provence, I used the mini day pack that attaches to, and came with, my Meridian rolling luggage. The pack is handy, but it's really a minimal, poorly protected skimpy backpack. That's what I used for the next two months. I carried it across France, Spain and Morocco. I wore it in the Sahara desert. 

In that tiny backpack I squeezed my brand-new M1 MacBook Pro, my iPad Pro and my Sony A7 III DSLR, using T-shirts for padding.

During two months of travel, the flimsy backpack damaged the expensive Pad & Quill cover for my laptop, and probably damaged my camera. It was painful to wear. When it rained, I had to take shelter because I knew the backpack couldn't handle the rain. 

It was a stressful, painful two months, thanks to the failure of my backpack. 

But no more. 

I just bought the Peak Design 45L Travel Backpack (pictured above). It cost three times as much as my previous backpack, and it's worth every penny. It has super high-quality, waterproof zippers. All the materials are extremely high quality, plus it has a gazillion great features that you can research if you're interested (mostly around the designs for wearability, access and straps). It's really an incredible backpack. I also bought a small "Camera Cube" to optimize the protection and use of my DSLR.

My point is not to praise the Peak Design backpack specifically, but to offer the following advice: Don't fuck around with your backpack purchase if you're an internationally traveling digital nomad, especially one like me who carries expensive gear. 

My attempt to save a few bucks almost cost me thousands of dollars in damaged equipment, nearly wrecked my back and created needless stress while traveling. 

When you buy a backpack, get one that will not fail you. When you're abroad carrying expensive gear, backpack failure is not an option. 

What CISOs want to see from NIST’s impending zero trust guidelines

Cybersecurity at U.S. federal agencies has been running behind the times for years. It took an executive order by President Joe Biden to kickstart a fix across the agencies. The government initiative also serves as a wake-up call to enterprises lagging in getting zero trust up and running. 

There’s much to be learned, and much to be gained, by CISOs from NIST’s zero trust guidelines. Above all, understand that the zero trust era is truly here.

Quit quitting on the quiet quitters

Though definitions vary, quiet quitting is the deliberate withholding by an employee of their full potential effort at work.

The Gallup organization calls "quiet quitters" "actively disengaged workers," and their percentage has, in fact, risen in the past two years.

But the "quiet quitter" label is new, enabling the concept to go viral on social media.

Technically, the phrase is misleading. Quiet quitting is explicitly undertaken as an *alternative* to quitting. 

But quiet quitting represents a breakdown in communication. And that's the biggest problem. The problem isn't the "quitting" (that isn't quitting). The problem is the "quiet" part.

It's time to communicate. So don't quit on the quiet quitters.

Nearly all surveyed voice actors fear being replaced by AI

A survey by the UK's union for performing arts workers, Equity, found that 93% of audio artists thought AI posed a threat to their jobs. 65% of all members thought the same. 

AI-based audio tools aren't in the union, don't get tired and work super fast., for example, can create an audiobook in 10 minutes in 43 languages. Great piece in the Financial Times

Clothing store hires virtual model as the computer-generated face of their brand

The clothing store PacSun has hired Instagram "influencer" Lil Miquela as their new model. 

Miquela is a fake person created by a Los Angeles software company called Brud. The simulated human, who has 3 million followers on Instagram, previously did "modeling" work for Calvin Klein and often appears superimposed in photographs interacting with real humans. 

Instagram posts on the @lilmiquela account generate confused but enthusiastic comments: 

How you been ????

Bestie you look hot!

I love you

Surely they know that there is no Miquela there. What's disturbing is that people do know, but don't care. They seem to want to interact with an influencer, but don't care that the influencer they're interacting with isn't there at all. 

Some consider Miquela to be the future of branding. As a model "she’ll never age, clothes will always fit her perfectly in advertisements, and she’ll always do exactly what you ask of her," according to Input magazine.

Come to think of it, those are great qualifications for actors -- either wholly fabricated or re-creations of living actors.  

What you need to know about the metaverse office of the future

It’s easy to say, as many have in recent months, that the office of the future is in the so-called metaverse or that the metaverse is the solution to remote and hybrid work issues.

It’s easy because the word “metaverse” does not have a universally accepted meaning.

For example, if the statement “The office of the future is in the metaverse” means people start their day by putting on virtual reality (VR) goggles, sitting at a virtual desk using a virtual computer surrounded by avatars, and going to virtual meetings in a universally shared extended-reality virtual space, I would strongly disagree with that prediction.

If, however, the statement means that, in addition to the tools we have now, we’ll also sometimes use augmented reality (AR) and VR briefly for specific purposes, I would not only agree, I would say:

“Of course — this has been assumed for decades. This is obviously going to happen.”

Forget the hype and wishful thinking. Here's how "metaverse" technologies will affect the future of work.

Why your company should subscribe to podcasting

The remote work revolution comes with challenges that have not been remotely solved in most organizations that have made the transition.

Among these challenges are:

  • Remote onboarding;
  • Zoom fatigue and remote meeting overload;
  • Up-to-date cybersecurity and tech training;
  • Culture-building by remote staff;
  • Asynchronous communication

The solution to these problems may be right there in your pocket: podcasting. Here's why. 

The past, present and future of endpoint management solutions

Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. 

The evolution of endpoint management is one of tackling increasing complexity. Here's what you need to know. 

The Guelaguetza: Oaxaca’s epic indigenous cultural event of food, dance, music and spectacle

Each summer, the city of Oaxaca dresses up in retina-searing colors and transforms itself into the most important indigenous cultural event anywhere in the Americas.

We've had the privilege of attending this year's Guelaguetza Festival for the first time, thanks to the help and courtesy of Oaxacan friends. And we have loved every minute of it.

Here's what the Guelaguetza is all about

How remote work will improve lives — and destroy cities

Remember when tech workers were ruining San Francisco by their very presence?

The crisis peaked between 2014 and 2017 when the booming tech industry was blamed for driving up the cost of real estate. Tech companies drove high demand for office space and also rental housing.

Now they're being blamed for ruining San Francisco — by their absence.

The absence of tech and other workers is crushing city budgets and services, which could cause a chain reaction leading to the decay and shrinking of urban centers.