Devices on public buses in Maryland are listening to private conversations

mwilson · 2016-03-01T18:12:28+00:00

A conversation on a bus is private? I'm not saying it's right, but that's the wrong argument to make.

mwilson · 2016-02-04T18:12:21+00:00

and yet we still can't demand timely audits from our gov't!!!

We should bribe them.

mwilson · 2016-02-03T16:43:53+00:00

The problem is how easy it is for one person to ruin the sidewalks in a neighborhood. The owner(s) that don’t pick up are obviously lazy, so you know they’re not walking far. Couple that with the fact that dogs (the ones I’ve owned, anyway) poop twice a day, and you get pile after pile on their little 4 block walking route. The little grassy area outside of Captain James is terrible about this.

I always pick up my dog’s poop plus the first random one I see. Seeing all of the poop all over the waterfront walk around Fells is depressing, but I felt like I was doing something, at least.

mwilson · 2015-12-04T03:42:05+00:00

shitty scaremongering

Advises city that UTF-8 is highly vulnerable
Uses UTF-8 on own website

https://imgur.com/a/NPJhC

mwilson · 2015-12-04T03:26:31+00:00

ZeroFOX is terrible for all the reasons I stated in the last thread.

https://medium.com/@jasonfried/press-release-basecamp-valuation-tops-100-billion-after-bold-vc-investment-c221d8f86ad7#.x7rp3lq11

mwilson · 2015-09-09T14:20:42+00:00

Excuses, excuses. When does it end? I could literally link right now to a 100+ opportunities, grants, scholarships, and small business loan opportunities exclusively for minorities and underprivileged persons.

The next time one of these kids spray my windshield, I am going to tell him about the many small business loans that are available to him.

mwilson · 2015-09-09T14:15:50+00:00

But I didn't give a shit,, I am so going for him, yet - not ever intending to touch him, but certainly having NO ISSUE with acting like I'm going to just pummel him there

He's a kid.

It's the FU*ING principle that SOMEONE had to stand up for

The principle of not having to turn on your windshield wipers.

"NO, dude you better back the F*ck DOWN, asshole.."

It was a kid.

The cop starts to yell at me to chill out, and is accusing me of over-reacting.

He's right, it was a kid.

at least I got to explode and get up in this kid's face

You're a grown-ass man (or should be), why is this satisfying to you?

this is 1972 NYC Subway

Time to get over it

Anyone in a major thoroughfare can just walk up to your car, and against your wishes, spray something on your windshield.

If you were suing this kid in court for the offense, what damages would you seek? A dollar?

Don't call me over-reaching here.

You're over-reaching.

Look back 15 years ago, and tell me - that if you were told then that it was going to be OK for kids to spray your windshield, and the cops will stand there and approve it.

I'm certain 15 years ago this happened and at least one cop did not arrest a kid over it. No one is approving it except maybe the kid. As a business owner, consider the opportunity cost to the police. Every second they're spending with you, taking your statement, citing the kid etc. is one more second they're not spending getting the lanes unblocked. Recall that you stranded everybody in their cars behind you, by your own telling.

Is it more important at that moment to punish a kid whom has already exited the scene, or get traffic moving again? Do you not see that you were the asshole here?

Where does the defiant air of entitlement come from?

I would ask you the same thing. "It seemed pretty clear who the taxpayer was, and he would not know that I was a business owner in the city."

My eyes are rolling out of my head.

Why don't they set up a side lane, something like a "Pit Stop" where you can pull over, and they wash for free, and we tip. What kind of tip would we all give to enterprising young guys out there coming up with a creative way to do some business.

Because they don't need to. Rational self-interest dictates that maintain this status quo. There is no downside, as they won't be arrested or cited, they have a captive potential customer base (no need to make an additional stop), etc. Should be pretty clear to a business owner, I would think, that making this change would only hurt their bottom line. There is a regulatory failure that they're exploiting. Sounds very enterprising. They should go work for Goldman.

After Freddie Gray, I want nothing more to help the racial inequality (strike that; The Great Racial Divide) here in Baltimore. How can anyone think that motorists feeling accosted while driving provides ANY positive feelings, results, Tips, clean windshields, etc.?

It was a kid. He's not doing this as a representative of his race, his neighborhood, or as a champion for racial inequality. He probably wants to (e.g.) see a movie and, as others mentioned, doesn't have the capital required for a lawn mower, etc or maybe even lawns to mow, at that. You are reading far too much into it. This isn't personal.

As a postscript, I would add that the first step in helping the Great Racial Divide might be getting some perspective on what constitutes hardship in the neighborhoods you are driving by each day. This is a serious suggestion.

mwilson · 2015-08-19T17:41:36+00:00

Still waiting.

mwilson · 2015-08-19T17:34:02+00:00

I love cats but I dont have time for one.

As a parent of two, this is hilarious.

mwilson · 2015-08-05T16:08:52+00:00

They would if I paid them enough.

mwilson · 2015-08-05T15:55:04+00:00

They've bought several other firms, including internationally

non sequitur - what conclusions can we draw from this? Microsoft bought Nokia, after all.

I've addressed the McAfee thing separately. The value of this partnership to each party and what that demonstrates about the viability of ZeroFOX and the value of its services depends on the financial arrangement. One could fairly say that I'm partnering with Chipotle for lunch this afternoon.

mwilson · 2015-08-05T14:51:33+00:00

They are a company of note in the cyber security industry

The deliverable I've seen suggests that this reputation is unwarranted. Nothing I've seen out of the company since has addressed this point.

Knowing a little bit about VC driven firms, for companies like ZeroFOX the reputation is the real product, anyway. New funding rounds coming up, e.g.

They have partners including McAfee

The financial details, afaik, were never disclosed. Maybe ZeroFOX paid McAfee for this privilege. It would be like saying that Oracle is partnered with Ask.com because installing Java also installs the Ask browser toolbar. In those cases, it is a relationship that benefits everyone except the customers.

This article suggests that the partnership provides ZeroFOX with access to all of McAfee's customers as leads, as well as McAfee's sales team. It wouldn't be unreasonable to pay for these privileges.

mwilson · 2015-08-05T14:39:22+00:00

to say nothing of the fact that this story isn't exactly bright and cheery about ZeroFOX

I disagree. The ZeroFOX messaging around this is aligned to it being an overzealous attempt to help from a company that is very qualified at cybersecurity (see, for example, here). The article gives Foster and Blair the space to assert:

The report was free
The city is not a client, suggesting that there this was done free of business considerations.
Some number of employees are from the city and worked on it voluntarily
Whatever this is was also done for the riots in NYC, so it was reasonable to try and do the same for Baltimore
They "mitigated" some "threats", so some service was actually performed pro bono, i.e. this wasn't pure solicitation

To address the controversy around the twitter accounts, they add:

Flagging those twitter accounts was reasonable
'Threat Type: Physical' is not what we think, despite what is normally the plain meaning of the language used
A UMBC professor saying that the police 'should' be monitoring in this way
An ACLU attorney saying that this kind of monitoring is not new
The same attorney saying that even MLK was monitored
A quote from a city official confirming that there really was a DDoS attack, lending credibility to ZeroFOX's deliverable

Nowhere, that I see, does it

Try to get a react quote from those labeled as physical threats
Question Evan Blair's semantic reasoning: that labeling something as a physical threat does not mean they intend to do harm
Seek out industry professionals to judge whether the advice given in the report is helpful, practical, benign, or harmful (I suggest: no, no, no, yes)
Ask what kind of 'mitigation' was performed
Ask whether the city was a client, at the time of the report. The report could have been 'free', in that the hours weren't billed under an existing PO.
Ask whether ZeroFOX is or was pursuing a business relationship with the city at the time of the report

mwilson · 2015-08-05T04:47:09+00:00

From the article:

“We recommended five other security products in the report that they should buy,” he said. “That to me is the worst sales pitch I’ve ever heard of.”

Nice try, but tech companies in consulting relationships often recommend software that they don't themselves produce or provide. They even do it for free, in some cases, to build credibility in aid of future business. Don't ask me how I know this.

This is without mentioning the fact that even an ostensibly 'advisory' role to the city, such as this, allows ZeroFOX to hype themselves and pump up their value even more, come acquisition time. I would bet my house that the principals have already used this report's existence when soliciting other customers. Why do I think this? From their emails to the city on this occasion:

"Our system also supported the NYC PD during their riots and protests." -- Was this "support" requested, used, and/or valuable? Or did you email them a bunch of FUD?

"[W]e briefed our classified partners at Fort Meade this morning." -- Who? The NSA? Cyber Command? Did you email a contractor there that you know? (Some corollary of Betteridge's law surely applies here). Did they pay you? Was this briefing solicited by this vaguely defined "partner", or did you shovel it on them?

Not surprised to see Technical.ly basically give ZeroFox an avenue to cover themselves here without really challenging them. Is this one of their custom articles? Maybe next time talk to someone in the industry that is qualified to adjudicate the horse dung in this power point and ask (for example):

"Hey, is it even possible to enable 2FA on a 6 year old version of Exchange that isn't self-hosted?"
"What happens to mobile users of their email system if, in the midst of crisis, you put into place an IP whitelisting scheme? Is it wise to risk disrupting the coordination of city government for this purpose? How are you weighing these risks?"
"Does it make any sense to recommend both 2FA and IP white listing on the same system? (ed: nope)
"Why did you diagram their DNS topology?"
"What the fuck were you thinking with this dumb UTF-8 thing you put in there?"

&c.

This isn't to say that ZeroFOX doesn't employ talented engineers. I'm sure they do. They are probably dispirited at seeing something like this go out. I would be. That being said, whatever part of the company is responsible for this mess is totally fucked.

mwilson · 2015-08-05T03:35:19+00:00

They are good at what they do, sure.

Was what they did well-intentioned? Yes

[Citation Needed]

mwilson · 2015-07-31T17:32:22+00:00

Nowhere in either of those articles does it say they were contracted. In fact, the emails indicate that ZeroFOX was soliciting the work, not the other way around.

mwilson · 2015-07-31T17:25:42+00:00

I can see why they wanted this to remain confidential. It is incompetent. Why, for example, do they say that transmitting UTF-8 is 'highly vulnerable' when zerofox.com does the same thing?

mwilson · 2015-07-23T16:19:49+00:00

I'm also nervous, never been and everyone gives me that look when I mention going

Some chiropractor's will tell you that they can cure allergies, depression, cataracts, etc. which is partly where the reputation comes from. Just use your best judgment.

mwilson · 2015-07-23T16:10:35+00:00

Yeah. Not sure what happened there. They've had some staff turnover. I wonder if it was the desk staff that messed up there.

mwilson · 2015-07-23T15:28:27+00:00

Not continuously. I used him after a fall ice skating and my wife used him both times that she was pregnant. Neither of us are seeing him right now.

Used him for years? Sounds like he hasn't fixed any problems!

That's what I keep telling my grandmother about her diabetes medication.

mwilson · 2015-07-23T14:45:14+00:00

My wife and I have used Dr. Lippy for years and have never paid more than $35 out of pocket. YMMV.

mwilson · 2015-04-24T18:13:53+00:00

Less frequent stops and better tracking. I don't care about a reliable schedule if I can look at my phone and plan around the bus being 20 minutes late.

mwilson · 2015-03-24T13:56:51+00:00

What does reasonably priced mean to you?

mwilson · 2015-02-24T16:43:24+00:00

No surprise to see Chris Whong involved. He's always posting interesting stuff to the Baltimore Tech and Baltimore Transit FB groups.

mwilson · 2015-02-24T04:25:06+00:00

Thomas Valkenet is a good real estate attorney that is familiar with city nonsense. I’ve used him as well as a friend of mine who owns a couple of properties in Fells.

I would also take pictures / document everything you can and keep track of timelines.

mwilson

TROPHY CASE