Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘Technology’ Category

How to Cancel Your Amazon Prime Membership (and Why You Should)

Izzie Ramirez writes in Vice Motherboard:

Amazon Prime can sometimes feel like a necessary evil. It has everything you could possibly want, and it can usually be at your door within a couple of days.

Because of its benefits, like free two-day shipping, streaming services, and delivered groceries, Amazon Prime operates at a loss. But it effectively keeps consumers locked into its monopoly of an ecosystem that has dangerous consequences. It has ties to the Department of Homeland Security (and therefore Immigration Customs and Enforcement), encourages a dangerous, racist surveillance state, and continues to have terrible labor practices, despite walkouts and protests.

If you find yourself tired of financially supporting Amazon Prime’s despicable actions or if you’re done paying $119 a year for services you barely use (I personally use it twice a year to buy books for school), there is a way out.

Here’s how to cancel Amazon Prime as quickly and painlessly as possible:

  • First, sign into your Amazon account on your computer.
  • Click the “Account & Lists” tab on the top right for a drop-down menu. There, you should see two columns, one for lists and one for your account info. Click on “Your Prime Membership.”
  • Once you’re on the membership page, you’ll see all the deals, promotions and benefits Amazon tells you you have. (Mine suggested a $8.99 safety vest and a music subscription I will never use in my life.) To the left, you should see three boxes: one with your plan information, payment method, and membership management. You’re gonna scroll down to the membership management box and click on “End Membership and Benefits.”
  • Now, Amazon will take you to the “Are you sure you want to end your membership?” page. Do not be fooled. Do not click on “Click here to see your offers,” “Remind Me later,” or “Keep My Benefits.” Select the button in the middle that says “End My Benefits.” . . .

Continue reading.

Written by LeisureGuy

15 August 2019 at 6:23 pm

Three Years of Misery Inside Google, the Happiest Company in Tech

Nitasha Tiku writes in Wired:

ON A BRIGHT Monday in January 2017, at 2:30 in the afternoon, about a thousand Google employees—horrified, alarmed, and a little giddy—began pouring out of the company’s offices in Mountain View, California. They packed themselves into a cheerful courtyard outside the main campus café, a parklike area dotted with picnic tables and a shade structure that resembles a giant game of pickup sticks. Many of them held up handmade signs: “Proud Iranian-American Googler,” “Even Introverts Are Here,” and of course, “Don’t Be Evil!” written in the same kindergarten colors as the Google logo.

AFTER A FEW rounds of call-and-response chanting and testimonials from individual staffers, someone adjusted the rally’s microphone for the next speaker’s tall, lanky frame. Sundar Pichai, Google’s soft-spoken CEO of 15 months, stood in the small clearing in the dense crowd that served as a makeshift stage. “Over the last 24 to 48 hours, we’ve all been working very hard,” he said, “and every step of the way I’ve felt the support of 60,000 people behind me.”

It was, to be precise, January 30; Donald Trump’s presidency was 10 days old. And Executive Order 13769—a federal travel ban on citizens from Iran, Iraq, Libya, Somalia, Sudan, Syria, and Yemen, and a wholesale suspension of US refugee admissions—had been in effect for 73 hours, trapping hundreds of travelers in limbo at the nation’s airports. For the moment, the company’s trademark admonition against evil was being directed at a clear, unmistakably external target: the White House.

To all the world it looked as if Google—one of the most powerful, pro-immigrant, and ostensibly progressive corporations in the United States—was taking a unified stand. But that appearance of unanimity masked a welter of executive-level indecision and anxiety. It probably would have been more apt if Pichai had said that, over the previous 48 hours, he had been backed into a corner by thousands of his employees.

In those first days of the Trump era, Google’s leaders were desperate to avoid confrontation with the new regime. The company’s history of close ties to the Obama administration left executives feeling especially vulnerable to the reactionary movement—incubated partly on Google’s own video platform, YouTube—that had memed, rallied, and voted Trump into office. (It didn’t help that Eric Schmidt, then executive chairman of Google’s parent company, Alphabet, had been an adviser to Hillary Clinton’s campaign, or that some 90 percent of political donations by Google employees had gone to Democrats in 2016.) Kent Walker, Google’s risk-averse vice president of public policy, had been advising staffers not to do anything that might upset Steve Bannon or Breitbart. So when the travel ban was announced on the afternoon of Friday, January 27, Google executives initially hoped to “just keep [their] heads down and allow it to blow over,” according to an employee who was close to those early calculations.

But the tribal dictates of Google’s own workforce made lying low pretty much impossible. Larry Page and Sergey Brin, the former Montessori kids who founded Google as Stanford grad students in the late ’90s, had designed their company’s famously open culture to facilitate free thinking. Employees were “obligated to dissent” if they saw something they disagreed with, and they were encouraged to “bring their whole selves” to work rather than check their politics and personal lives at the door. And the wild thing about Google was that so many employees complied. They weighed in on thousands of online mailing lists, including IndustryInfo, a mega forum with more than 30,000 members; Coffee Beans, a forum for discussing diversity; and Poly-Discuss, a list for polyamorous Googlers. They posted incessantly on an employee-only version of Google+ and on Memegen, an internal tool for creating and upvoting memes. On Thursdays, Google would host a company-wide meeting called TGIF, known for its no-holds-barred Q&As where employees could, and did, aggressively challenge executives.

All that oversharing and debate was made possible by another element of Google’s social contract. Like other corporations, Google enforces strict policies requiring employees to keep company business confidential. But for Google employees, nondisclosure wasn’t just a rule, it was a sacred bargain—one that earned them candor from leadership and a safe space to speak freely about their kinks, grievances, and disagreements on internal forums.

Finally, to a remarkable extent, Google’s workers really do take “Don’t Be Evil” to heart. C-suite meetings have been known to grind to a halt if someone asks, “Wait, is this evil?” To many employees, it’s axiomatic: Facebook is craven, Amazon is aggro, Apple is secretive, and Microsoft is staid, but Google genuinely wants to do good.

All of those precepts sent Google’s workforce into full tilt after the travel ban was announced. Memegen went flush with images bearing captions like “We stand with you” and “We are you.” Jewglers and HOLA, affinity groups for Jewish and Latinx employees, quickly pledged their support for Google’s Muslim group. According to The Wall Street Journal, members of one mailing list brainstormed whether there might be ways to “leverage” Google’s search results to surface ways of helping immigrants; some proposed that the company should intervene in searches for terms like “Islam,” “Muslim,” or “Iran” that were showing “Islamophobic, algorithmically biased results.” (Google says none of those ideas were taken up.) At around 2 pm that Saturday, an employee on a mailing list for Iranian Googlers floated the possibility of staging a walkout in Mountain View. “I wanted to check first whether anyone thinks this is a bad idea,” the employee wrote. Within 48 hours, a time had been locked down and an internal website set up.

Employees also spent the weekend protesting as private citizens, out in the open. At San Francisco International Airport, a handful of Google lawyers showed up to offer emergency representation to immigrants; many more staffers joined a demonstration outside the international terminal. But one Googler in particular made national newscasts. On Saturday night, without informing anyone at Google, Sergey Brin showed up at the airport to join the crowds. He offered no other comment to the press except to tell Forbes, “I’m here because I’m a refugee,” and to make clear that he was there in a personal capacity.

Between pressure from employees and Brin’s trip to the airport—which had effectively committed the company to sticking its neck out—Google’s own official calculations began to shift. Over the course of the weekend, the company matched $2 million in donations raised by employees for crisis funds for immigrants’ rights. And then on Monday, at the last minute, Pichai decided to speak at the employees’ demonstration.

In his short, off-the-cuff remarks to the packed courtyard, Pichai called immigration “core to the founding of this company.” He tried to inject a dose of moderation, stressing how important it was “to reach out and communicate to people from across the country.” But when he mentioned Brin’s appearance at the airport, his employees erupted in chants of “Ser-gey! Ser-gey! Ser-gey!” Brin finally extricated himself from the crowd and shuffled up to the mic, windbreaker in hand. He, too, echoed the protesters’ concerns but tried to bring the heat down. “We need to be smart,” he said, “and that means bringing in folks who have some different viewpoints.” As he spoke, a news chopper flew overhead.

And that was pretty much the last time Google’s executives and workers presented such a united front about anything.

As the Trump era wore on, Google continued to brace itself for all manner of external assaults, and not just from the right. The 2016 election and its aftermath set off a backlash against Silicon Valley that seemed to come from all sides. Lawmakers and the media were waking up to the extractive nature of Big Tech’s free services. And Google—the company that had casually introduced the internet to consumer surveillance, orderer of the world’s information, owner of eight products with more than a billion users each—knew that it would be an inevitable target.

But in many respects, Google’s most vexing threats during that period came from inside the company itself. Over the next two and a half years, the company would find itself in the same position over and over again: a nearly $800 billion planetary force seemingly powerless against groups of employees—on the left and the right alike—who could hold the company hostage to its own public image.

In a larger sense, Google found itself and its culture deeply maladapted to a new set of political, social, and business imperatives. To invent products like Gmail, Earth, and Translate, you need coddled geniuses free to let their minds run wild. But to lock down lucrative government contracts or expand into coveted foreign markets, as Google increasingly needed to do, you need to be able to issue orders and give clients what they want.

For this article, WIRED spoke with 47 current and former Google employees. Most of them requested anonymity. Together, they described a period of growing distrust and disillusionment inside Google that echoed the fury roaring outside the company’s walls. And in all that time, Google could never quite anticipate the right incoming collision. After the travel ban walkout, for example, the company’s leaders expected the worst—and that it would come from Washington. “I knew we were snowballing toward something,” a former executive says. “I thought it was going to be Trump calling us out in the press. I didn’t think it was gonna be some guy writing a memo.”

II.

IN MANY WAYS, Google’s internal social networks are like a microcosm of the internet itself. They have their filter bubbles, their trolls, their edgelords. And contrary to popular perception, those networks are not all populated by liberals. Just as the reactionary right was rising on YouTube, it was also finding ways to amplify itself inside Google’s rationalist culture of debate.

For some time, for instance, one of the moderators of the company’s Conservatives email list was a Chrome engineer named Kevin Cernekee. Over the years, Google employees have described Cernekee fairly consistently: as a shrewd far-right provocateur who made his presence felt across Google’s social network, trolling both liberals and conservatives.

In August 2015, the giant IndustryInfo mailing list broke into a roiling debate over why there were so few women in tech. The previous year, Google had become the first Silicon Valley giant to release data on the demographics of its workforce—and revealed that 82 percent of its technical workers were male. To many inside the IndustryInfo thread, the number constituted clear and galling evidence that Google had to change. When the conversation devolved into a brawl over the merits of diversity—one that Cernekee joined—a senior vice president at Google attempted to shut it down. Cernekee proceeded to bombard the executive’s Google+ page with posts about his right to critique the pro-diversity “Social Justice political agenda.” “Can we add a clear statement of banned opinions to the employee handbook,” he wrote, “so that everybody knows what the ground rules are?” In response, Google HR issued Cernekee a written warning for “disrespectful, disruptive, disorderly, and insubordinate” comments.

Google also took action against employees on the opposite side of the debate for their conduct in the same thread; but disciplining Cernekee had more lasting consequences. In November 2015, Cernekee filed a charge with the National Labor Relations Board claiming that Google’s warning constituted retaliation for his political views. He also alleged that the reprimand interfered with his right to engage in “protected concerted activity”—essentially, his right to freely discuss workplace conditions—as defined under the National Labor Relations Act.

As Cernekee entered into a years-long legal battle with Google, he stayed active on internal channels. In 2016, when members of a white nationalist group called the Golden State Skinheads clashed with antifa counterprotesters in a Sacramento park, Cernekee spoke up for the former on Google’s Free Speech mailing list. Though he said he was “the farthest thing possible from a Nazi,” Cernekee argued that the skinheads “stood up for free speech and free association.” And in January 2017, when the prominent white nationalist Richard Spencer was punched in the head by a masked protester after Trump’s inauguration, Cernekee told his fellow list members that “the battle over free speech is escalating.” He asked them to donate to a WeSearchr campaign that was raising a bounty for anyone who could track down the identity of the assailant. When mailing list members said that WeSearchr—a far-right answer to GoFundMe founded by the agitators Charles C. Johnson and Pax Dickinson—seemed shady, Cernekee wrote, “It is completely on the up-and-up. Please don’t slander my friends. :-(.”

But as conspicuous as Cernekee was inside Google, he was all but invisible on the open internet. Consequently, it wasn’t Cernekee who would become Google’s most famous heretic. That distinction would fall to a comparatively reticent Google Search engineer named James Damore.

In late June 2017, Damore attended a company event about promoting diversity at Google, hosted at the Mountain View headquarters. There, he claims, he heard organizers discuss providing extra job interviews and more welcoming environments for women and underrepresented minorities. (Google says it does not provide additional interviews for people belonging to specific demographics.) To Damore, this all sounded like a violation of Google’s meritocratic hiring process, a finely tuned system built to identify objectively qualified engineers.

Soon after, on the plane ride back from a work trip to China, Damore wrote a 10-page memo arguing that biological differences could help explain why there were fewer female engineers at Google, and therefore the company’s attempts to reach gender parity were misguided and discriminatory toward men. On average, he wrote, women are more interested in people than things, more empathetic, more neurotic, and less assertive. To support these claims about personality differences, Damore cited two studies, three Wikipedia pages, and an article from Quillette, a contrarian online magazine that often covers free speech on campus and alleged links between genetics and IQ. In the memo, Damore wrote that hiring practices aimed to increase diversity “can effectively lower the bar” at Google.

All through July, Damore tried to get Google’s management to pay attention to his concerns. He sent his memo to the diversity summit’s organizers; he sent it to Google’s human resources department; at the suggestion of a coworker, he posted it in Coffee Beans, the internal listserv for discussions about diversity. He made the same points in person at one of Google’s “Bias Busting” workshops, where employees role-play how to identify unconscious bias against minorities. (There, he later claimed, his coworkers laughed at him.)

Damore framed his memo as an appeal for intellectual diversity, identifying his reasoning as a conservative political position silenced by Google’s “ideological echo chamber.” “It’s a perspective that desperately needs to be told at Google,” Damore wrote.

Plenty of Damore’s colleagues, however, had heard this perspective before. Ad nauseam. “People would write stuff like that every month,” says one former Google executive. When the subject of diversifying Google’s workforce comes up in big meetings and internal forums, one black female employee says, “you pretty much need to wait about 10 seconds before someone jumps in and says we’re lowering the bar.” (After one diversity town hall in April 2015, an employee wrote in an internal Google+ post that Google was “lowering the hiring bar for minorities, or arranging events where white men feel excluded.”) What’s more, the debate kept coming up in a repetitive loop because of the constant influx of young graduates who were engaging in these discussions for the first time. Google was hiring at a breakneck pace at the time. Between 2015 and 2017, it added some 20,000 full-time employees, about the same number as Facebook’s entire workforce. (And even after all that hiring, Google’s technical workforce was 80 percent male, 56 percent white, and 41 percent Asian.)

Damore’s memo might have faded into obscurity if a colleague hadn’t suggested that he share it with some more receptive audiences inside Google. On Wednesday, August 2, Damore posted his memo to an internal mailing list called Skeptics. The next day he shared it with Liberty, an internal list for libertarians—one Damore hadn’t known existed. By Friday, the tech blog Motherboard was reporting that an “anti-diversity manifesto” had gone viral inside Google.

Pichai was on vacation when his deputies told him that Google had better deal with the Damore situation quickly. Pichai agreed and asked to corral his full management team for a meeting. By Saturday, a full copy of Damore’s document had leaked to Gizmodo. While Googlers waited for an official response from the top, managers who wanted to signal their support for women loudly condemned the memo’s ideas on internal Google+ posts.

To Liz Fong-Jones, a site reliability engineer at Google, the memo’s arguments were especially familiar. Google’s engineers are not unionized, but inside Google, Fong-Jones essentially performed the function of a union rep, translating employee concerns to managers on everything from product decisions to inclusion practices. She had acquired this informal role around the time the company released Google+ to the public in 2011; before launch, she warned executives against requiring people to use their real names on the platform, arguing that anonymity was important for vulnerable groups. When public uproar played out much as Fong-Jones had predicted, she sat across from executives to negotiate a new policy—then explained the necessary compromises to irate employees. After that, managers and employees started coming to her to mediate internal tensions of all sorts.

As part of this internal advocacy work, Fong-Jones had become attuned to the way discussions about diversity on internal forums were beset by men like Cernekee, Damore, and other coworkers who were “just asking questions.” To her mind, Google’s management had allowed these dynamics to fester for too long, and now it was time for executives to take a stand. In an internal Google+ post, she wrote that “the only way to deal with all the heads of the medusa is to no-platform all of them.”

A few hours later, Google’s internal networks received a shock to the system. A screenshot of Fong-Jones’ “Medusa” comment appeared on Vox Popoli, a blog run by the alt-right instigator Theodore Beale, along with her full name and profile photo. The comments section quickly filled with racial and sexual slurs fixated personally on Fong-Jones, who is trans. “They should pitch all those sexual freaks off of rooftops,” one anonymous Vox Popoli commenter wrote.

On Monday morning, Google’s top management finally met to discuss what to do about Damore. The . . .

Continue reading. There’s much more.

Written by LeisureGuy

13 August 2019 at 8:16 am

Standard Ebooks: Free public-domain ebooks, carefully produced

This is a good site for ebook readers. As they note:

Other free ebooks don’t put much effort into professional-quality typography: they use “straight” quotes instead of “curly” quotes, they ignore details like em- and en-dashes, and they look more like early-90’s web pages instead of actual books.

The Standard Ebooks project applies a rigorous and modern typography manual when developing each and every ebook to ensure they meet a professional-grade and consistent typographical standard. Our ebooks look good.

Transcriptions from other sources are often filled with typos or suffer from issues like inconsistent spelling, missing accent marks, or missing punctuation. Submitting corrections to such sources can be difficult or impossible, so errors are rarely fixed.

At Standard Ebooks, we do a careful and complete readthrough of each ebook before releasing it, checking it against a scan of the original pages to fix as many typos as possible. Even if we do miss something, our ebooks are stored in the hugely popular Git source control system, allowing anyone to easily submit a correction.

Our ebooks include complete, well-researched, and consistent metadata, including original, detailed book blurbs and links to encyclopedia sources. Perfect for machine processing or for extra-curious, technically-minded readers.

Each Standard Ebook takes full advantage of the latest ereader technology, including:

  • Hyphenation support,
  • Popup footnotes,
  • High-resolution and scalable vector graphics,
  • Ereader-compatible tables of contents,

and more. One of our goals is to ensure our ebooks stay up-to-date with the best reading experience technology can provide. Just because it’s a classic doesn’t mean it has to use old technology.

Everyone knows a book is judged by its cover, but most free ebooks leave it to your ereader software to generate a drab default cover.

Standard Ebooks draws from a vast collection of public domain fine art to create attractive, unique, appropriate, and consistent covers for each of our ebooks. . .

Continue reading.

I just downloaded The Lerouge Case, by Emile Gaboriau, published originally in 1866. Wikipedia notes:

Gaboriau was born in the small town of Saujon, Charente-Maritime. He was the son of Charles Gabriel Gaboriau, a public official and his mother was Marguerite Stéphanie Gaboriau. Gaboriau became a secretary to Paul Féval, and after publishing some novels and miscellaneous writings, found his real gift in L’Affaire Lerouge (1866).

The book, which was Gaboriau’s first detective novel, introduced an amateur detective. It also introduced a young police officer named Monsieur Lecoq, who was the hero in three of Gaboriau’s later detective novels. The character of Lecoq was based on a real-life thief turned police officer, Eugène François Vidocq (1775–1857), whose own memoirs, Les Vrais Mémoires de Vidocq, mixed fiction and fact. It may also have been influenced by the villainous Monsieur Lecoq, one of the main protagonists of Féval’s Les Habits Noirs book series. . .

More at the link. The book was easily transferred and looks good in the Kindle.

Written by LeisureGuy

9 August 2019 at 8:13 am

Posted in Books, Software, Technology

Why Developers Hate Coding Skills Tests (And What Hiring Managers Can Do To Change That)

Perhaps a little too inside-baseball for most, but Geoff Roberts’s article at Hackernoon.com was interesting to me (and to The Wife):

When I signed on to join the team at Qualified last month, I ran the company through the diligence process that I use to assess opportunities at technology start-ups. Great product? Check. Strong growth trajectory? Check. Awesome customers? Check. A team I’m excited to be a part of? Check.

But beyond this list of important criteria my decision came down to a feeling that I couldn’t shake—one that my intuition told me was worth listening to above all else.

In 10 years of working with high growth technology start-ups, I’ve never come across a company that’s too good at hiring software developers. Everybody struggles with finding great software engineers.

I’ve sat in countless board meetings, leadership off-sites, and all-hands gatherings where the story is largely the same—“We had 10+ open job reqs for development positions at the beginning of the year. We’ve filled three. One hire didn’t work out.” Cue the thumb-twiddling and downward glances.

Expensive employee referral programs ensue. Contracted recruiters come in to help. But all the subsequent efforts aside the common denominator is clear—there’s a shortage of software engineering talent and companies need to find better ways to identify, attract, and retain developers.

When I looked at the opportunity at Qualified the marketer in me saw a very real pain point and a market opportunity worth attacking; followed shortly thereafter by a lot of controversy surrounding the tools that are available to help companies assess software engineers.

The controversy surrounding coding skills tests

Any Google search or discussion with software engineers about the developer hiring process quickly surfaces a myriad of opinions on how coding skills tests are used in the recruiting process. You’ll find lengthy debates on this topic in HackerNews threads as well as not-so-subtle articles with titles like Why Coding Tests Are A Bad Interview Technique.

At first blush these sentiments should have deterred me from joining a company that makes a developer assessment platform, right? But I saw that the market for these products is exploding and I decided to dig in—a process that began by asking my former boss Dimitris Georgakopulous, Co-founder of Buildium and Outseta, for his take on coding skills tests.

“There’s absolutely a market and need for tools like this,” Dimitris said. “You simply can’t assess and hire developers without asking them to write some actual code.”

Joel Spolsky, CEO of Stack Overflow and Co-founder of Trello, provided further backing of this perspective with a simple analogy.

“Would you hire a magician without asking them to show you some magic tricks? Of course not. Would you hire a caterer for your wedding without tasting their food? I doubt it. Do whatever you want during interviews, but make the candidate write some code,” writes Spolsky.

Encouraged by this feedback, I turned the question on the development team at Qualified. “Why do so many developers dislike coding skills tests?” Their answers surprised (and built credibility with) me.

“I’ve heard the complaint that interview tests are awful, pointless, and demeaning a lot—especially on social media,” said Phil DeJarnett, a Senior Front-End Developer at Qualified. “It’s frustrating at best because it’s clear that developers are looking at it from an (understandably) selfish perspective. ‘I’m a good developer, why do I need to prove this to somebody I don’t even know?’”

Jake Hoffner, Qualified’s Co-founder and CTO, took it one step further.

“As a senior developer I’d be hesitant to take most coding assessments if I was looking for a new job,” Hoffner says. “I feel like I’ve built products and have a professional network that should preclude me from needing to do that.”

Prior to Co-founding Qualified Jake built Codewars—he’s definitely a person that I’d describe as a “developer’s developer.” But coming from a guy that’s now spending his professional life building a developer assessment platform, I was taken aback by hearing this level of empathy for the anti-coding tests sentiment.

“What’s this guy doing building a developer assessment platform then?” I wondered to myself.

I’ve spent the last few weeks talking to HR and engineering leaders to dig into this question in the greatest amount of depth possible. I’ve since resurfaced with strong conviction and evidence that there are companies using coding skills assessments in not only a developer friendly manner, but also in a way that directly leads to them finding and hiring the type of developers that immediately begin delivering on-the-job.

In fact, if wielded properly coding skills assessments can even help companies build credibility and excitement with developers throughout the hiring process. This is yet another aspect of your employer brand that can be optimized—and perhaps the one that speaks most directly to what it’s like to work on your company’s engineering team.

Shane Shown, a Talent Acquisition expert who has built engineering teams at companies like Facebook and Zillow, says it best.

“When a candidate does run into an interview that represents real-world problems that would need to be solved in the day-to-day of the actual position it’s MIND-BLOWING. I have had candidates leave an interview with a coding assignment that they were actually excited to complete, because they felt like they would understand the company’s problem and add real value.”

This post will teach you how you can move beyond the negative sentiments and turn your company’s use of coding assessments into a strategic advantage. But let’s start by reviewing some of the reasons developers dislike coding assessments in the first place.

The reasons developers often dislike coding tests (and how to change their tune)

While developers have expressed disdain for coding assessments for a wide variety of reasons, almost all of them can be overcome. These sentiments almost always come from coding skills tests being used as a blunt instrument to pre-screen developer candidates out of the recruiting funnel. Here’s how your company can intelligently apply coding assessments to flip the script and turn hiring developers into a competitive advantage. . .

Continue reading.

Written by LeisureGuy

9 August 2019 at 8:00 am

Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials

The US government seems to be in a death spiral. Kim Zetter reports in Vice:

The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states.

That’s the blurb. The report begins:

For years, U.S. election officials and voting machine vendors have insisted that critical election systems are never connected to the internet and therefore can’t be hacked.

But a group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections.

Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 of the systems, including one in Florida’s Miami-Dade County, were still connected to the internet this week, the researchers told Motherboard.

The researchers and Motherboard have been able to verify that at least some of the systems in Wisconsin, Rhode Island, and Florida are in fact election systems. The rest are still unconfirmed, but the fact that some of them appeared to quickly drop offline after the researchers reported them suggests their findings are on the mark.

“We … discovered that at least some jurisdictions were not aware that their systems were online,” said Kevin Skoglund, an independent security consultant who conducted the research with nine others, all of them long-time security professionals and academics with expertise in election security. Skoglund is also part of an advisory group, not associated with the research, that is working with the National Institute of Standards and Technology to develop new cybersecurity standards for voting machines. “In some cases, [the vendor was] in charge [of installing the systems] and there was no oversight. Election officials were publicly saying that their systems were never connected to the internet because they didn’t know differently.”

The systems the researchers found are made by Election Systems & Software, the top voting machine company in the country. They are used to receive encrypted vote totals transmitted via modem from ES&S voting machines on election night, in order to get rapid results that media use to call races, even though the results aren’t final.

Generally, votes are stored on memory cards inside the voting machines at polling places. After an election, poll workers remove these and drive them to county election offices. But some counties want to get their results faster, so they use wireless modems, either embedded in the voting machines or externally connected to them, to transmit the votes electronically. The system that receives these votes, called an SFTP server, is connected to the internet behind a Cisco firewall.

For security reasons, the SFTP server and firewall are only supposed to be connected to the internet for a couple of minutes before an election to test the transmission, and then for long enough after an election to transmit the votes. But the researchers found some of the systems connected to the internet for months at a time, and year-round for others, making them vulnerable to hackers.

Hacking the firewall and SFTP server would allow an attacker to potentially intercept the results as they’re transmitted and send fake results to the FTP server, depending on how securely the ES&S system authenticates the data. Although the election results that are transmitted via modem are unofficial—official votes are taken directly from the voting machine memory cards when they arrive at county offices—a significant discrepancy between the unofficial tallies and the official ones would create mistrust in the election results and confusion about which ones were accurate.

But Motherboard has learned that connected to the firewalls are even more critical backend systems—the election-reporting module that tabulates the unofficial votes as well as the official ones, and the election-management system that is used in some counties to program voting machines before elections. The researchers said that gaining access through the firewall to these systems could potentially allow a hacker to alter official election results or subvert the election-management system to distribute malware to voting machines through the USB flash drives that pass between this system and the voting machines.

******

Online, the researchers can only see the firewalls configured in front of these systems and cannot see anything behind them—a federal law makes it illegal for them to probe beyond the firewall. But ES&S documents posted online in various counties show that these critical backend systems are connected to the firewall, and ES&S also confirmed to Motherboard that this is the correct architecture in counties that want to transmit results electronically.

ES&S has long insisted that election-management systems are air-gapped—that is, not connected to the internet or connected to any other system that is connected to the internet—and the company insists to Motherboard that the diagram it provided isn’t showing them connected to the internet.

“There’s nothing connected to the firewall that is exposed to the internet,” Gary Weber, vice president of software development and engineering for ES&S, told Motherboard. “Our [election-management system] is not pingable or addressable from the public internet.” This makes them invisible to bad actors or unauthorized users, he said.

But Skoglund said this “misrepresents the facts.” Anyone who finds the firewall online also finds the election-management system connected to it.

“It is not air-gapped. The EMS is connected to the internet but is behind a firewall,” Skoglund said. “The firewall configuration [that determines what can go in and out of the firewall]… is the only thing that segments the EMS from the internet.”

And misconfigured firewalls are one of the most common ways hackers penetrate supposedly protected systems. The recent massive hack of sensitive Capital One customer data is a prime example of a breach enabled by a poorly configured firewall.

“If they did everything correctly [with the ES&S systems] as they say they do, there is no danger,” Robert Graham, CEO of Errata Security, told Motherboard. “These are all secure technologies that if [configured] correctly work just fine. It’s just that we have no faith that they are done correctly. And the fact that [election officials are] saying they aren’t on the internet and yet they are on the internet shows us that we have every reason to distrust them.”

Even proper configurations won’t secure a firewall if the firewall software itself has security vulnerabilities that allow intruders to bypass all the authentication checks, whitelisting rules, and other security parameters set in the firewall’s configuration file.

“If this system hasn’t been patched and has a critical vulnerability… you may be able to subvert any kind of security scheme that you’ve put in place,” Skoglund told Motherboard. . .

Continue reading. There’s much more.

As you know, Senator Mitch McConnell, the Majority Leader in the US Senate, has blocked all bills to improve election security and will not allow them to come to a vote. As a result, the government is doing nothing. It comes down to one man who is duplicitous and dishonest and seems to have bad intentions.

Written by LeisureGuy

8 August 2019 at 1:08 pm

A hot tip for those who use hearing aids

with one comment

I was told when I got my hearing aids that I would probably want to replace them after about 5 years. I assumed that was because of technology improvements (faster, better, cheaper), but since they cost into the thousands, I thought I would just stick with them (particularly since the “cheaper” didn’t seem to materialize).

But what happens is not that better hearing aids become available. What happens is that the old hearing aids stop working. Moisture from the skin can get inside (because the case has to be able to be opened for changing the battery and there are small gaps around the controls) and eventually the insides corrode. This is for the behind-the-ear hearing aids. Those cheap models that fit inside the ear last very little time at all.

BUT The Eldest just passed along a great tip. At the right is a photo of the bag (carefully sealed) that I have in my hall closet. I use the little packs for various things—for example, I throw one inside the salt shaker—and The Wife has also found use for one from time to time. Plenty left, as you see.

So the idea is that when the hearing aids are removed at night, they go into a tightly sealed box with one or two of these. The hearing aids I have did come with a very nice box (as they damn well should) that has a pretty tight-fitting lid, but I will now keep the box inside a sandwich-sized ziplock bag (whether hearing aids are inside or not), to keep the Silica Gel active. I can replace the gel packs once a month or so. I have a good supply (as you see).

UPDATE. The Eldest points out the 8 best hearing aid dryers in 2019.

UPDATE 2: I just ordered this one.

Written by LeisureGuy

2 August 2019 at 4:58 pm

Posted in Daily life, Technology

Every Noise at Once, revised and expanded

I’ve blogged this before, but they have continued to develop it. From the link (under the now-very-large music map):

Every Noise at Once is an ongoing attempt at an algorithmically-generated, readability-adjusted scatter-plot of the musical genre-space, based on data tracked and analyzed for 3,295 genres by Spotify as of 2019-08-01. The calibration is fuzzy, but in general down is more organic, up is more mechanical and electric; left is denser and more atmospheric, right is spikier and bouncier.

Click anything to hear an example of what it sounds like.

Click the » on a genre to see a map of its artists.

Be calmly aware that this may periodically expand, contract or combust.

How We Understand Music Genres explains how this thing got started.
A Retromatic History of Music (or Love) follows these genres across years.
Spotify New Releases by Genre uses them to scour this week’s new releases.
We Built This City On follows them to their cities of origin.
Genres by Country breaks them down by strength of association with countries.
Songs From the Edges flings you through a blast-tour of the most passionate genrecults.
Songs From the Ages samples demographic groups.
Songs From the Streets samples cities.
Drunkard’s Rock wanders around for a really long time.
The Sounds of Places plots countries as if they were genres.
Spotify World Browser shows Spotify editorial programming in different countries.
Every Place at Once is an index of the distinctive listening of individual cities.
Hyperspace House Concerts looks for music playing only in particular places.
Every School at Once is an index of the distinctive listening of students by school.
Genres in Their Own Words maps genres to words found in their song titles.
The Needle tries to find songs surging towards the edges of one obscurity or another.
The Approaching Worms of Christmas tries to wrap itself around things I usually fight.
Every Demographic at Once explores listening by country, age and gender.
Or there’s a dynamically-generated daily summary of Spotify Listening Patterns by Gender.

Written by LeisureGuy

2 August 2019 at 9:00 am
