The Importance of Rights for All
Some of you may have noticed the new image I have added to the left-hand column of my website as well as below. It reads “I do solemnly swear to preserve, protect, and defend the Constitution of the United States to ensure that the country protects the right of all. – Signed Bradford Benn” (You can create your own image at the American Civil Liberties Union’s Take the #PeoplesOath webpage.
Seems an odd thing to put on a website at times. It is important to indicate that I believe in the importance of the US Constitution. I believe it is important that all people have the same rights. Not just donors or members of the political elite or celebrities, everyone. I can go into all the reasons that I feel that this stance is necessary. It doesn’t matter why I feel this way, I do believe that it is important to protect everyone. As news is coming in about various changes in openness in information as well as accuracy, I think it is important to do something about it. The approach of removing data is preventing people from having the right to make up their own mind. If one’s personal opinion does not agree with the datum currently available, it does not mean censoring or removing the data.
While we may not all agree on everything, I want to believe that the majority of us will believe in treating people equally. That information is available to everyone especially if it uses public funding. That science is factual. That privacy is a right. The preamble to the US Constitution is an important guidepost often overlooked.
“We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.”
People appointed to national leadership positions must be knowledgeable about their role. Disagreeing with science while allowed, does not allow for the deletion or removal of information that disproves your stance; especially if you are a public servant. The story Scientists Racing to Archive Climate Data Before Denier-in-Chief Trump Takes Office provides an example.
Illegal surveillance is illegal.
I can go on, but the important thing is to know that the rights of all need protection. As the administration of the 45th President of the United States trundles forward I will probably be posting more of my views; I think that this post is a good start. All of us need to do what we think is right and important.
January 24, 2017
No, you can’t look in my computer…
Some of you may already be aware that the Electronic Frontier Foundation (EFF) is one of the groups I support. Privacy, security, and freedom for the individual is one of my touchstones. I have written about these topics previously, both here and at AVNation.tv. (Yes, there will be overlap between this post and the one over there. My opinion hasn’t changed.)
There are proposed rule changes within the Federal Rules of Criminal Procedure that the EFF has made me aware of. I do not claim to be an expert on all the legalities and intricacies, however from the comments that the EFF have provided I immediately felt it was important to comment on. The proposed amendment to procedural Rule 41 would allow a judge to issue a warrant allowing law enforcement to remotely enter (hack) a computer when “the district where the media or information is located has been concealed through technological means,” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.”
The first portion of this means that if one uses a means to hide their location, for any reason, a search warrant would be allowed. At AVNation I spoke about how this applies to business environments where Virtual Private Networks (VPN) are used to provide a secure connection between remote users and the office. A byproduct of that process is that one’s location is incorrect quite often, sometimes on purpose. When I travel to China I use VPN for personal use. I purposely set my VPN to connect me to a point of presence located in the US. This decision allows me to access my e-mail as well as other sites, such as news sites like New York Times or Los Angeles Times. I can continue on about the Great Firewall of China, but these couple of links should help provide background https://en.wikipedia.org/wiki/Great_Firewall or https://www.eff.org/search/site/china%20firewall.)
I also use a VPN connection, as well as other tools, when I am using a public hotspot. In fact I am using one right now as I sit in Starbucks using their WiFi. This approach prevents eavesdroppers to my communication. I will say that Google and Starbucks do a good job keeping things safe, however not everyplace is as secure. I want to keep my data encrypted as long as I can. Yes, there is Hyper Text Transfer Protocol Secure (HTTPS) that is secure and I use it as much as possible, but not every site supports it or for all traffic.
I can continue on as to why I use VPN, the important thing to take away is that there are legitimate legal reasons to use VPN. The fact that I use it should not change the way my data/privacy is viewed by the courts. To overly simplify it would be like saying, you locked the door to your car so you have given us a reason to issue a search warrant.
The second portion of the new procedure is also damaging in that it allows for innocent computers to be searched if they have been remotely hacked. If a computer is an unwitting member of a botnet that would meet a qualification for a search warrant. The infected or innocent computer could be searched even if the owner is not involved or suspected of wrong doing. Basically if someone has already broken into your computer, the government can break into it again as your computer might be doing bad things.
To me there is a third reason that this issue is important – this process is being done under the guise of procedural rules. There is no debate, no review by elected officials, just a procedural change to allow more access. Yes, Congress has to vote to approve the rules, but there was very little notice of the process. Luckily groups such as EFF and others are around to alert people to the changes. There is the comment of, “Well if you aren’t doing anything wrong, you have nothing to worry about.” I agree and understand that sentiment, but I also believe that once the first domino has fallen the erosion of privacy will continue. To quote James Madison, “There are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations.” This procedural step is a gradual and silent move to most people.
Also if there is nothing to worry about, please send me your laptop or phone without clearing the history first. I will be more than happy to inspect it for you.
Much of this information was gathered from the webpage https://www.eff.org/deeplinks/2016/06/help-us-stop-updates-rule-41.
The lock pick image is public domain from Wikimedia. More information about it at https://commons.wikimedia.org/wiki/File%3ALockpicking_Pickset.jpg.
Steam Security Softness
As my faithful reader reader knows, I have opinions about security and privacy. One of the things that has been a challenge is when providers and software do not take security as seriously. A prime offender is Steam currently. This opinion was formed before the December 25, 2015 problems with displaying information improperly. My opinion started last year in December 2014. I was in the process of changing and updating many of my passwords. I sent the following question to Steam:
“I am in the process of changing passwords on accounts, and was unable to find the requirements or restrictions for passwords. Can you provide a list of the restrictions please? When I tried to generate a new password using my randomizer it was not accepted. “
The response I originally received showed that the question was not understood (screen shot of the conversation from Steam Support Site):
“Thank you for contacting Steam Support.
We apologize for the delay.
Please follow the link below for information:
Title: How do I change my Steam account password?
If you have any further questions, please let us know. “
I responded indicating:
“I know how to change the password, however when I try to change it, the password is not accepted. So what is the parameters of the passwords “
The Steam response was less than helpful:
Unfortunately, the full requirements are not currently available.
It must not be a previous password and must meet the password strength requirements.
Steam Support has provided you with all of the relevant information regarding this issue. “
Please allow me to highlight that exchange a little more. “The requirements of the password are not available, but your password must meet the requirements.” Steam basically said, we can’t tell you what the requirements are but you need to meet them. At the same time I was doing testing and submitting of passwords to try to find out what the requirements are.
To say that I find that they are lax is an understatement especially for a commerce site; a commerce site that allows and suggests storing of credit card information. I was not able to use certain special characters but I was not sure what they are, so I literally had to make my best assumptions by trial and error. The length of the password was also not clear so I once again did trial and error. I understand why some might think by not indicating password parameters provides a hurdle to people hacking it. Allow me to state that a brute force attack would not care, it would simply add more failures.
If one couples this with the recent breach of information and lack of contrition or concern from Valve/Steam it makes me more nervous. The most frustrating part of this problem is that for many game titles I do not really have another avenue to purchase from. I am still one of those people that wants to have a hard copy of the content I own and not just have it on the cloud. I am comfortable with the idea of a piece of technology having to verify that it is legal through contacting an online server, not ideal but understandable.
So if Steam/Valve is listening, which I doubt, I request and want a more secure system. I would ask the following and I think most people would as well:
- More information about password requirements
- More complex and longer passwords allowed
- Two Factor Authentication
- Proactive Communication when there is a problem, notice I didn’t say if but when as given the current track record it is only a matter of time
To my readers, I ask that you share these ideas with others and get Valve and Steam to pay attention and make improvements.
Creative Commons Share and Share Alike for my domain
As I was taking pictures this weekend I thought about how I want people to be able to use my content and thoughts. Part of this was sparked also by my recent appearance on AVNation’s AVWeek Podcast Episode 189: I Know Who To Call. Tim brought up some topics that I have both experience with and opinions about, so I shared them with everyone. I was pleasantly surprised when I was also quoted heavily in an article on Commercial Integrator as well. So it got me to thinking, what are the rights I want to reserve or share? I am currently listening to Cory Doctorow’s book Information Doesn’t Want to Be Free: Laws for the Internet Age (hardcopy). This link is to the self-published audiobook read by Wil Wheaton. One of the things I am learning from these thoughts is the question of how much do I want to share my created content.
I have already created some content obviously you are reading some now, I have have images available at photos.bradfordbenn.com that can be used. I have until now been keeping a tight leash on the images with watermarks and right click protection. I plan on keeping some protection in place, not quite sure how much yet or how it will be set up. However I want to share the information and experiences with more people. Yes, I would like to earn some money along the way, however at the moment that is not the key goal for me. I want to create things and put them out in the open for people to enjoy. I just want to know when things I create are being used.
So having said that you can see the description of the usage rights I have created at the page http://bradfordbenn.com/creative-commons/. The idea is that if you are using my content for personal use, you may do that with attribution. If you want to use my content for commercial use, there is still licensing issues to be discussed. I encourage you to consider how you want your content handled, keeping in mind that many of the tools we are open source and are being shared as well.
Patrons and Recipients
As the new year begins, I have been looking through some of my patronage. I am using the term broadly, it includes Kickstarter, Indiegogo, Patreon, Bandcamp, direct subscriptions, and lump sum payments. It is an interesting dance that occurs in the Internet commerce age. There are multiple ways to purchase things currently, it can be done as a finished good being purchased or one can make payments in support of future work. It is the support of the future work that I have found to be interesting and varying between parties.
There are some artists that I am a true patron of, I simply make a payment in support of their work. Yes, they provide updates and content at times. However the support is just to support the work with no expectation of new content. The idea is that one is supporting the creation of new work and typically a patron will receive the work. However it is not a relationship where one says, I pay you US$15 and you will provide me 65 minutes of music.
There is also the world of Patreon where one pledges a specific amount for specific events. The idea being that one pledges to make a payment for each finished item. There is typically a ceiling on the monthly payment but also a sliding scale of what you pay for what you receive. There is no guarantee that one will receive anything but there is also no payment without the delivery of something.
There is also Kickstarter where one makes a pledge to fund the project if enough other people commit as well. If the project is funded, payment is made before receiving any goods. It is a leap of faith that goods and services will be delivered after the payment has been made. One simply has to hope that the goods are expected.
In all of these agreements there is one key element that can make this successful and enjoyable for both parties – communication.It becomes a dance of communication where one does not want to harass the artist, however one still wants to know what is being expected by both parties. That is key to allow people to feel confident in the process. I have had some recipients that communicate consistently, even if it just something as small as saying hello. There are other recipients that enter radio silence after the pledge. That is very frustrating and at times makes one wonder if the support is truly appreciated. It makes me, I will not speak for everyone, not want to support those that do not communicate.
So if you are asking for funding, remember to communicate. Having said my peace, I think I am going to remove some of my patronages.
I am securing my e-mail
I have been catching up on enjoyment reading recently. I recently read a few Cory Doctorow (I used the non-secure site as the link as it renders better) books and saw the line between reality and fiction blurring. I know that much of this interweaving is on purpose, but it got me thinking about a few things. The tipping point came a few days later though, when I got a call soliciting about refinancing the house.
The interesting thing was that the call came from a mobile/cellular telephone. This person called and indicated that they were with my bank and asked me if I was interested in refinancing. That immediately set off warning bells, so I said no thank you. I also called my bank and spoke to “my banker” and asked her about the call. She said that it is a legitimate program but agreed that someone should not be calling from their cell phone for such a thing. She asked if I was interested in refinancing and that she would have their local person get in touch since I was.
My banker knows that at times e-mail is easier for less pressing items, so she introduced the two of us via e-mail. Just contact information, nothing identifying. Yes, she is prudent with security. That e-mail got me thinking a little more. Not just the fact that she knew to not send private data, but more how could I know if the people I was e-mailing with are actually who they say they are.
I have been aware of Public-Key Cryptography for about two decades as I had used it for project transmittals in the 1990’s using PGP or Pretty Good Privacy. The idea is that it takes two keys to unlock a message, I create both. One that is private and one that is public. I distribute the public key to people I want to communicate securely with. People encrypt items to me using the public key, however I am the only one who can decrypt it. It also works in reverse, people can send me their public key and I can encrypt messages to them. The reason this can be powerful is that not only is the message encrypted, it also allows the users to verify the sender of the e-mail.
That is the important part for me, and the reason I am encouraging more people to encrypt their mail. It is not just for securing the contents, it is also for knowing that the sender truly is who they say they are. Think about how much that would cut down on phishing and other fraudulent e-mail scams. If I could verify that the sender was who they say their are. I know I would feel much safer if I received an e-mail from my banker that was signed with a Public Key.
I am using GPGTools as it integrates in my environment very easily as PGP has taken some interesting twists since I started using it. I simply installed the suite and voila it was functioning. I am also in the process of doing the same thing for files as well. The encryption on the files is as much to verify that it came from me, as it is to protect the files when I store them in the “cloud”. So if you get an e-mail from me, which you might after all the messenger options, don’t be surprised if it is signed. My public key identifier is C93A52C6. You can download my public key from http://www.bradfordbenn.com/BradfordBenn-C93A52C6.asc
Can we stop passing around little dead tattooed trees?
As my loyal reader and twitter follower is aware, I just attended the InfoComm2014 convention. I found myself struggling what to do with all these business cards I had acquired. Not only the question of how long should I hang on to them, but how to get all the details into my electronic system. After looking at a few solutions, I have a request for all my readers – make the lock screen on your electronic device your QR business card.
As someone who has some nice Moo.com business cards, with 10 different pictures on the cards, I appreciate and enjoy the statement and symbolism of exchanging business cards. What I do not enjoy is trying to get all the data into my various electronic organization tools. It is time consuming. First was the problem of finding a good tool to scan and then read all the data. Then comes the problem of verifying all the data that just got imported and loaded into the computer. There are pieces of software that can do this for you, but even those are not perfect and require some tweaking. I have tried CamCard for iPhone but am not totally happy with it. The interface is pretty good, but there are short comings. I do like that one can review and edit them on the web. However one cannot easily export it from the corrected version on the web. One has to give CamCard access to your contacts to load it into your contact information. I probably sound paranoid and stereotypical but giving a Chinese company access to my contacts is not something I feel comfortable with. I do like the batch scanning option though.
I can continue talking about the various options I have used and tried. I am using Evernote Hello for my personal contact management. It does not do as good a job dealing with unique layouts on cards. It also does not include a way to include the address.
The thing I would like for more people to start using is a QR vCard. There is a protocol that allows for embedding contact information directly into a QR code. The protocol does not require actually being connected to the Internet to retrieve the information. It simply requires the receiver to have a QR code reader, many of which are free. The process is fairly simple and painless.
- Load a QR Code Reader onto your phone.
- Using the camera on your phone ingest the QR code you are interested in
- View the results
I have created a QR vCard that is the lock image on my iDevice. (A QR card size of 450 pixels by 450 pixels about 305 pixels from the top of the image for an iPhone 4S works.) I do not even have to unlock the phone to provide the QR code to someone. I also have a QR application (Qrafter Pro) that allows for reading QR codes from pictures. I can take a picture without unlocking my iDevice as well. If you really want to be sneaky smart, take a picture of the person also so you can remember what they look like.
To get you started, here is a sample QR code that I created online. There are also sorts of other tools available, Qrafter Pro also allows for creating the grids.
Trial QR code
Go ahead try out your reader.
Relatively easy? Simple?
Now if you will excuse me, I have to go back to reviewing scanned business cards. I think I will even update my personal cards to have a QR code.
Shout out to Linda Seid-Frembes who gave me this idea years ago – You can read more about it at her blog.
Yes, I now that this topic has been talked about before but I really think it is worth considering.
Blogging into the Blind
As I was looking at last year’s statistics for my website and sub sites I was fairly disheartened. I have very little followers and have not sold any prints. I thought about it a little and realized that one of the main reasons is that I have added very little content over the past year. I added a total of 6 posts last year, not really exciting and constantly updating. This year I plan on adding more content more often. As we all know, the best laid plans… or as I say life gets in the way.
My post popular post created in 2013 was “Convention Caricature Caused by Production Values” with a total of 105 views according to Google Analytics. My most popular post was actually from two years ago with 778 views, mainly coming from Google searches, about how the NHL makes it difficult to be a fan. Interesting to see what is popular and how some posts have staying power. i have had a total of 2 comments posted and some pages that have had no views at all.
What does this mean to you my reader, well I am not really sure. I do however have a question, what topics would you like to read about and see posted on the blog? I have some ideas, but figure I would ask and see if there are any burning questions that I have not covered in my Unasked Questions page. Would you rather see lots of shorter posts or less frequent longer posts?
Technology Stills Needs Personal Touch
I was originally going to write a blog post about the conversation topic I alluded to in a few Tweets on the evening of June 29, 2011; however United Airlines changed the topic. This blog post is about the frustration when technology does not actually make things easier. It also gets more frustrating after asking for help when the technology fails.
I wanted to book an award fare to fly myself and the L&T Wife to California on United. So I went to the United website, logged in with my frequent flier number – you know the one that literally has almost half a million miles in the past 11 years. I went through and looked at all the options for flights before finally picking one. I signed myself and the Wife up for it, picked our seats, continued to the payment page and entered my credit card number. Clicked the Submit button, and nothing happened. Clicked button again, nothing happened.
I changed browser from Firefox to Safari and tried again all the way from the beginning I could not save or hold my work. Nothing happened under Safari as well. I then decided to call United Rewards Reservations, which is when the frustration started. This is a basic synopsis of the conversation
- "Hello, I am having trouble booking reward travel on the website."
- "When and where are you trying to travel to?"
- I respond with the information
- "No, there are no seats available for the dates you want."
- "But the website shows many open seats."
- "I am sorry sir the website is wrong."
- "Okay, so what are my options?"
- "There is a flight three days earlier for outbound and two days later for the return."
Whiskey Tango Foxtrot I thought – I did not say it. I was polite to the agent as they are just reporting what the screen is showing.
We go round and round and finally get the exact same itinerary, as I had created online. I did not care if it was a mileage saver fare or not, her system was defaulting to fares that take less miles. If I was asked I would have said, I had picked specific flights online.
Then came the time to make payment. Online it was 75,000 miles per person; via the phone it was 100,000 miles per person. I ask why the difference.
The agent had no good explanation, so I asked for a supervisor. During this time I was placed on hold, without music or other audio so I had no indication I was still connected. The supervisor could not assist me.
As we passed the thirty-minute mark the supervisor indicated I should be transferred to Web Support to assist. After a few minutes with the Web Support person I was able to book my flight.
It was extremely frustrating. I tried to do it via self-service on the web. It did not work. I tried to call for help and that did not work for the first 40 minutes. It took approximately 45 minutes on the phone and three agents to finish the transaction I already had details for. If the first person I communicated with listened to my original issue they might have thought to transfer me to the web team earlier. Instead I believe that they were just going off the script, not really helping the customer.
I tweeted out my frustration and decided to wait 24 hours to see if there was a response before posting. So far I have heard nothing.
Now some people may be thinking that it is only 50K miles, ~10% of your tally. To put the value of that in context, 50K miles is a round trip somewhere in the US with the right planning. Now that this trip is booked, I will get to call again to add my dietary needs as I can’t do that from the website. I think I will wait a day or two.
For those of you that have an impact on customer interaction, think about what happens when your website doesn’t work. How will you help that person? Have you provided them with enough information to know where to go for help? Is the first point of contact going to listen and respond or just follow a script? That one decision can change a customer interaction from a phone call to a frustration and wasting time for everyone involved.
Making the interface work for me
Often times the controls for a piece of software are not the friendliest locations for one-handed operation. By one-handed operation I mean one hand on the keyboard, one hand on the mouse. When working in graphic programs I find myself working that way quite often. It could be as basic as a drawing program where I need to use the Z key to initiate the zoom function and then using the mouse to decide where to zoom. Other times it is more complex, such as selecting an image, zooming into a one pixel to one pixel rendering, panning, and then marking the image as a keeper or a chucker. It could just as likely be a drawing program where I am documenting an idea. For my #AVTweeps, just think AutoCAD.
Recently I found myself being sore at the end of an image review session from unnatural movements. My data management workflow is outlined at previous blog post. However looking at the actual process I began to find lots of moving of the hands. My review process is based around the use of Adobe® Photoshop® Lightroom® (quite the mouthful so Lightroom for short). The program itself is very powerful and does help me manage my images, pictures, and photos. The program lacks some ergonomics for the one handed user.
The way I cull images is I go into the library mode and review the images at a resolution to fit onto the screen. I then quickly look at it and decided if it is a Pick, Unmarked, or a Reject. These selections are done using the P U and X keys. Notice how they are laid out on the keyboard.
Not very easy to navigate with one hand. Now let’s say I want to zoom into an area, one can either use the mouse to enter a 1:1 view or press shift and spacebar to enter the same mode, then use the mouse to zoom to areas. I do this to see how much aberration is viewable and if it is in focus, once again I decide if it is a pick, unfledged, or rejected. Lightroom has a setting to advance to the next image after assigning a value to the image.
That setting seems like it would save time, and it does quite often. However if I want to assign two things to an image, I have to back up to the image. If I find an image of the same subject later in the batch that is better than a pick I decided on, I go back to unmarked the previously picked image. So now I have a few options. I can expose the filmstrip at the bottom of the application window and click on it with the mouse and then press U. If this image was just the previous image I can use the arrow keys. If you notice both of these options require me to take my right hand off the mouse and place it on the right half of the keyboard. Now I could also just use my left hand on the right side of the keyboard however that still means changing positions.
Let’s say I want to see if a crop makes an image better. An example of a crop changing an image happened at the baseball game I took pictures at, since I was sitting in the stands some of the images have the back of people’s heads in them. Cropping the heads out made the pictures better, but some were still chuckers not keepers. In Lightroom I enter crop mode by pressing R, this would enter Develop module, where I would use the mouse to make the crop. I would then finish with the crop. I would then want to mark the image as a keeper or chucker. I cannot do that in the Develop mode, I have to be in Library mode. To return to Library mode I would either take my right hand off the mouse to do the keyboard contortions or move the mouse away from the work area. Neither solution is very ergonomic.
There are keyboards available that are designed to fix some of these issues by changing the keyboard layout and having labels on the keyboard. However some are more expensive than the program itself. Also they are dedicated to the program, so I would still need my regular keyboard for such things as entering text. Not really an idea I was looking for.
I started thinking about it more and more and came up with a more practical solution in my not so humble opinion. I purchased a customizable gamer keypad, a Logitech G13 Programmable Gameboard with LCD Display as it is Mac compatible – yes it is also Windows compatible. (If you decide to buy one after reading my blog, using this link will give me a little commission.) This would let me decide how the keystrokes would be used. I could lay them out to my satisfaction.
I then determined what keys I used most. They are both left and right handed, and some of them require multiple hands, such as entering Library Mode (Command + Option + 1).
These main keys were then assigned to the keypad as I found would work best for me. (Drop me a line if you would like to copy of the configuration file.)
I had 200 plus images from a business trip and figured that would be a great way to test it out. So I went through the images, did the rating, cropping, and keywording in about an hour including uploading to a SmugMug gallery. There was another benefit that occurred that was unexpected, I was able to hide all of the tool palettes in Lightroom so the images were bigger on the screen during the review, remember bigger is better. I do not have exact times for similar tasks using the “standard” keyboard commands but the important thing is I was not sore and it was not as tiring to me.
The keypad allowed the thing that I think all tools should do, get out of the way and let me work. It did just that. Other than when I had to type in keywords, I used just the keypad and the mouse. I did not have to move my hands around the keyboard and mouse.
I also learned a couple more tricks in the process. I can use the keypad in more than one program, but keep the key functions the same. By key function I mean that the same key that sends an R to enter Crop mode in Lightroom can be configured to send a K in Photoshop or Command + K in Preview to perform the crop functions. The same key press to me, sends different keystrokes to the application. Much easier than having to remember all the different commands, similar to Cut, Copy, and Paste being the same in almost every program. That is a fine example of what I was trying to accomplish; cut (Command + X) copy (Command + C) and paste (Command + V) are not great mnemonic devices at first blush but the arrangement of the keys makes it very easy to use.