CPI: Continuous Privacy Improvement – Part 2

Continuous Improvement

Continuous Improvement is nothing new. In the early nineties, total quality management (TQM) was all the rage. And even then, TQM was a re-visitation of techniques applied in preceding decades. Today, continuous improvement is embraced in nearly every development methodology. But whether from the “fifties” or the “twenties”, the message is still the same: any measurable improvement (whether in processes or in technologies) is the result of a systematic approach. This is true for software development. And it is true for continuous privacy improvements.

Privacy Is Threatened

With every wave of technology change, there have been concurrent improvements in determining what customers desire – and what they will “spend” in order to obtain something. At the same time, customers have become increasingly frustrated with corporate attempts to “anticipate” their “investment” habits. For example, the deployment of GPS and location technologies has allowed sellers to “reach” potential customers whenever those customers are physically near the point of sale. In short, when you go to the Magnificent Mile in Chicago, you’ll probably get ads for stores that are in your vicinity.

While some people find this exhilarating, many people find it frustrating. And some see these kinds of capabilities as demonstrative of a darker capability: the ability for those with capability to monitor and manage the larger populace. For some, the “sinister” people spying on them are corporations. For many, the “malevolent” forces that they fear are shadowy “hackers” that can steal (or have already stolen) both property and identity. And for a very small group of people, the powers that they fear most are governments and / or similar authorities. For everyone, the capability to monitor and influence behavior is real.

Surveillance And Exploitation Are Not New

Governments have tried to “watch” citizens – whether to protect them from threats or to “manage” them into predetermined behaviors. You can look at every society and see that there have always been areas of our life that we wish to keep private. And balanced against those desires are the desires of other people. So with every generation (and now with every technology change), the dance of “personal privacy” and “group management” is renewed.

As the technology used for surveillance has matured, the tools for ensuring privacy have also changed. And the methods for ensuring privacy today have drastically changed from the tools used even a few years ago. And if history is a good predictor of the future, then we can and should expect that we must continually sharpen our tools for privacy – even as our “adversaries” are sharpening their tools of surveillance. Bottom Line: The process of maintaining our privacy is subject to continuous threat and must be handled in a model akin to continuous process improvement. So let’s start accepting the need for continuous privacy improvement.

Tackling Your Adversaries – One At A Time

If you look at the state of surveillance, you probably are fatigued by the constant fight to maintain your privacy. I know that I am perpetually fatigued. Every time that you harden your defenses, new threats emerge. And the process of determining your threats and your risks seems to be never-ending. And in truth, it really is never-ending. So how do you tackle such a problem? I do it systematically.

As an academic (and lifetime) debater – as well as a trained enterprise architect – I continually assess the current state. That assessment involves the following activities:

  • Specify what the situation is at the present moment.
  • Assess the upsides and downsides of the current situation.
  • Identify those things that are the root causes of the current situation.
  • Outline what kind of future state (or target state) would be preferable.
  • Determine the “gaps” between the current and future states.
  • Develop a plan to address those gaps (and their underlying problems).

And there are many ways to build plans. Some folks love the total replacement model. And while this is feasible for some projects, it is rarely practical for our personal lives. [Note: There are times when threats do require a total transformation. But they are the exception and not the general rule.] Since privacy is such a fundamental part of our lives, we must recognize that changes to our privacy posture must be made incrementally – and continuously. Consequently, we must understand the big picture and then attack in small and continuous ways. In military terms, you want to avoid multi-front campaigns at all cost. Both Napoleon and Hitler eschewed this recommendation. And they lost accordingly.

My Current State – And My Problems

I embarked on my journey towards intentional privacy a few years ago. I’ve given dozens of talks about privacy and security to both IT teams and to personal acquaintances. And I’ve made it a point to chronicle my personal travails along my path to a more private life. But in order to improve, I needed to assess what I’ve done – and what remains to be done.

So here goes…

Over the past two years, I’ve switched my primary email provider. I’ve changed my search providers and my browsers – multiple times. And I’ve even switched from Windows to Linux. But my transformation has always been one step away from its completion.

The Next (to Last) Step: De-googling

This year, I decided to address the elephant in the room: I decided to take a radical step towards removing Google from my life. I’ve been using Google products for almost half of my professional life. Even though I knew that Google was one of the largest threat actors in my ecosystem, I still held on to a Google lifeline. Specifically, I was still using a phone based upon Google’s ecosystem. [Note: I did not say Android. Because Android is a Linux-oriented phone that Google bought and transformed into a vehicle for data collection and advertising delivery.]

I had retained my Google foothold because I had some key investments that I was unwilling to relinquish. The first of these was a Google Voice number that had been at the heart of my personal life (and my business identity). That number was coupled with my personal Google email identity. It was the anchor of hundreds of accounts. And it was in the address books of hundreds of friends, relatives, colleagues, customers, and potential customers.

Nevertheless, the advantages of keeping a personal Google account were finally outweighed by my firm realization that Google wasn’t giving me an account for free; Google was “giving” me an account to optimize their advertising delivery. Or stated differently, I was willing to sell unfettered access to myself as long as I didn’t mind relinquishing any right to privacy. And after over fifteen years with the same account, I was finally ready to reclaim my right to privacy.

Too Many Options Can Lead To Inaction

I had already taken some steps to eliminate much of the Google stranglehold on my identity. But they still had the linchpins:

  • I still had a personal Google account, and
  • Google had unfettered access to my mobile computing platform.

So I had to break the connection from myself to my phone. I carefully considered the options that were available to me.

  1. I could switch to an iPhone. Without getting too detailed, I rejected this option as it was simply trading one master for another one. Yes, I had reason to believe that Apple was “less” invasive than Google. But Google was “less” invasive at one point in time. So I rejected trading one for another.
  2. I could install a different version of Android on my current phone. While I have done this in the past, I was not able to do this with my current phone. I had bought a Samsung Galaxy S8+ three years ago. And when I left Sprint for the second time (due to the impending merger), I kept the phone. But this phone was based upon the Qualcomm Snapdragon 855. Consequently, the phone had a locked bootloader. And Qualcomm has never relented and unlocked the bootloader. So I cannot flash a new ROM (like LineageOS) on this phone.
  3. I could install a different version of Android on a new phone. This option had some merit – at the cost of purchasing new phone hardware. I could certainly buy a new (or used) phone that would support GrapheneOS or LineageOS. But during these austere times (when consulting contracts are sparse), I will not relinquish any coin of the realm to buy back my privacy. And buying a Pixel sounds more like paying a ransomware demand than buying something of value.
  4. I could take what I had and live with it. Yes, this is the default option. And while I diddled with comparisons, this WAS what I did for over a year. After all, it fell into the adage that if it isn’t broken, then why fix it? But such defaults never last – at least, not for me.
  5. I could use the current phone and take the incremental next step in using a phone with a locked bootloader: I could eliminate the Google bits by eliminating the Google account and by uninstalling (and/or disabling) Google, Samsung, and T-Mobile apps using the Android Debug Bridge (a.k.a., adb).

I had previously decided to de-google my phone before my birthday (in July). So once Independence Day came and went, I got serious about de-googling my phone.

The Road Less Taken

Of all of the options available to me, I landed on the one that cost the least amount of my money but required the most investment of my personal time. So I researched many different lists of Google apps (and frameworks) on the Samsung Galaxy S8+. I first disabled the apps that I had identified. Then I used a tool available on the Google Play Store called Package Disabler Pro. I have used this before. So I used it again to identify those apps that I could readily disable. By doing this, I could determine the full impact of deleting some of these packages – before I actually deleted them. Once I had developed a good list and had validated that the phone would still operate, I made my first attempt.

And as expected, I ran into a few problems. Some of them were unexpected. But most of them were totally expected. Specifically, Google embeds some very good technology in the Google Play Services (gms) and Google Services Framework (gsf). And when you disable / delete these tools, a lot of apps just won’t work completely. This is especially true with notifications.

I also found out that there were some key multimedia messaging services (MMS) capabilities that I was using without realizing it. So when I deleted these MMS tools, I had trouble with some of my routine multi-recipient messages. I solved this by simply re-installing those pieces of software. [Note: If that had not worked, then I was ready to re-flash to a baseline T-Mobile ROM. So I had multiple fallback plans. Fortunately, the re-installation solved the biggest problem.]
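The staged approach described above (disable first, confirm the phone still works, then remove, with a way back) can be scripted so that each stage is reviewed before it touches the device. The following is an added example, not the author's own script: the list format, the `plan` and `sample_list` names, and the `com.example.*` package name are assumptions, and keeping Google Play Services and the Services Framework at "disable" rather than "remove" is a choice made for this example.

```shell
#!/bin/sh
# Added example: print (do not execute) the adb commands for one stage of a
# staged package cleanup on a phone with a locked bootloader.
#
# Stages:
#   disable   - reversible; run this first, then use the phone for a while
#   remove    - uninstall for user 0 only the packages marked "remove"
#   rollback  - restore and re-enable everything in the list
#
# Input on stdin: "<package> <policy>" per line, policy = disable | remove.

# Constructed sample list. gms/gsf are Google Play Services and the Google
# Services Framework; com.example.carrier.app is a placeholder name.
sample_list() {
    cat <<'EOF'
# package                      policy
com.google.android.gms         disable
com.google.android.gsf         disable
com.example.carrier.app        remove
EOF
}

plan() {
    stage=$1
    while read -r pkg policy rest; do
        case "$pkg" in
            ''|'#'*)
                continue ;;                  # blank line or comment
            *[!A-Za-z0-9._]*)
                # The plan is meant to be piped to a shell, so refuse any
                # name carrying characters a package name cannot contain.
                echo "skipped invalid name: $pkg" >&2
                continue ;;
        esac
        case "$stage" in
            disable)
                echo "adb shell pm disable-user --user 0 $pkg" ;;
            remove)
                # Only packages explicitly marked "remove" are uninstalled;
                # -k keeps the app's data so a rollback loses nothing.
                [ "$policy" = remove ] || continue
                echo "adb shell pm uninstall -k --user 0 $pkg" ;;
            rollback)
                # Restore the system copy for user 0, then re-enable it.
                echo "adb shell cmd package install-existing $pkg"
                echo "adb shell pm enable $pkg" ;;
            *)
                echo "unknown stage: $stage" >&2
                return 2 ;;
        esac
    done
    return 0
}
```

Review the output of `sample_list | plan disable` (or of your own list) before piping it to `sh` with the phone attached, and keep the same list file so that `plan rollback` covers exactly what was changed.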

Bottom Line

After planning for the eventual elimination of my Google dependence, I finally took the necessary last step towards a more private life; I successfully de-googled my phone – and my personal life. Do I still have some interaction with Google? Of course I do. But those interactions are far less substantial, far more manageable, and far more private. At the same time, I have eliminated a large number of Samsung and T-Mobile tracking tools. So my continuous privacy improvement process (i.e., my intentional privacy improvements) has resulted in a more desirable collaboration between myself and my technology partners.

The Digital Economy Class

Economy Class...With A Little Quality
Economy Class…With Quality Touches

One of the most important things that you do as a consultant is the marketing of your expertise. You have to build a brand that screams, “I AM AN EXPERT”. At the same time, you need a brand that also proclaims, “I am savvy, suave, and not at all desperate for business opportunities.” I usually favor one of these two messages. I need to embrace both of them. In the past few weeks, I have taken a number of steps that will amplify both messages. By assembling both spare and specialty parts in innovative ways, I hope to conduct my business in the “digital economy class”.

What do I mean when I say, “digital economy class”? It is exactly what it sounds like. When the first airlines offered transportation services, air flight was novel – and it was expensive. So the airlines offered “first class” accommodations: large (and comfortable) seats, ample storage, and fine dining. But as airlines re-focused upon mass transit goals (exploiting economies-of-scale to reach larger markets), seats became smaller – and food became paltry – and sometimes non-existent. Today, you can get inexpensive transportation in a no-frills kind of way.

Digital Parallels

The same thing has happened in the digital economy. Consulting services have seen the same transformation as airlines. In the eighties and nineties, huge accounting firms provided “first class” services – at steep prices. And shareholders saw this by the IT department’s impressive share of corporate margins. Yes, you can still find big consultancies. But today’s service landscape now includes budget (commodity) services offered by offshore consultancies. And you can find specialty firms that offer the “first class” experience – but their services are limited to a specific technological niche. For example, there are countless consulting groups that specialize in security or networking or web site / content development. And there are just as many consulting firms that specialize in specific industries.

The final result is the same. As airlines reached out to a larger market, they needed to achieve economies-of-scale in order to maintain shareholder profits. In the same way, digital consulting firms must address digital efficiencies. But in the digital market, there is a very limited cost of entry. You don’t have to spend millions of dollars (or hours) to get into the business and compete. You just need to define your scope and focus on building a team that will deliver premier services to your targeted market.

Proper Scoping Is Essential

I have grand plans for my company. My eyesight may be poor – but my vision is unrestricted. Consequently, I wanted a team that could focus upon anything and everything. I may realize that dream – at some point. But for now, I have to narrow my scope to something more achievable. But where should I focus?

  • I can do application and web site development. So can millions of other people. And my poor eyesight does limit my ability to deliver stunning visuals. Why? Simple. I can’t appreciate visual distinctiveness as well as others.
  • I can sling code. But the nineties taught me that other people would willingly sling code for far less compensation. Yes, I can learn any programming language. I’d even put my adaptability ahead of most folks. But like a renaissance man, my breadth of knowledge and my aptitude at learning new things does not always serve me well. When someone is looking for a house painter, they don’t need the cool flourishes that I can develop just for them. Some people just want paint on a slab.
  • I can architect complex systems. Yes, hundreds of other people can do the same thing. But there are fewer competitors in this space. And if I can further narrow my scope to specific domains, I can stand out even further.

Our Current Scope

So what is our current scope / focus? For today, we are focusing upon strategic services – in the small and medium-sized business market. We can’t compete with the mega-consultancies or the offshore budget services. But we know what we are doing when it comes to key services:

  1. Security architectures
  2. Infrastructure architecture and design services
  3. Business architectures
  4. IT Governance
  5. ITSM / ITIL Operations Excellence
  6. IT Collaboration

Building A “Digital Economy Class”

Can we build the digital equivalent of “economy class” services? Sure. But so can others. The toughest part of this is setting the right scope so that we can maintain “first class” attributes in a commodity-oriented market segment. And the way that we deliver this is through our team. Our team wants to offer “white glove” service at an affordable price. We won’t skimp on quality. And our team will innovate wherever possible. We don’t want to deliver the most expensive service. But our team does want to deliver the most affordable “first class” experience. We will get you where you want to go. That is our first priority. But we will make sure that you have enough leg room so that we don’t cut off the circulation to your toes.

But how can you do all of this?

You have to save money some place. So we believe in helping you to reclaim the value from past investments. We want to help you to ‘recycle’ (and redeploy) your technology assets. You’ve already spent thousands (or millions) of dollars for point solutions. And you have a lot of technological assets that can be more fully utilized and/or repurposed.

For some companies, the journey is simple. You can extend the number of years that you keep assets (assuming that you have purchased them). So whenever you buy new infrastructure for a new project, you can cascade established (and lower priority) applications to your more mature infrastructure platforms. There are risks to accept when you do this. But with every new generation of IT technology, those risks are diminishing.

You can also increase systems utilization for existing systems – especially hosting platforms. Because technology efficiency has increased, you can now run your systems at higher utilization levels than you did in the past. So some companies can leverage what economists call economies-of-scale.

Finally, you can re-purpose existing assets that are not currently used. You may not have any such assets. But we have found that many companies have not focused upon their asset inventory and asset disposal processes. Indeed, most companies have surplus (older) assets that can be used for lower priority tasks. Of course, this assumes that you have both a 1-n priority list of your application/system assets and a 1-n list of your technology assets. If you have done just such an asset prioritization, then we can help you to create service tiers and allocate systems to appropriate platforms. If you haven’t categorized your assets into 1-n lists, then we can also help you to do that.

A Simple Example

We have the same technology needs that every other company has. But as a small and nimble company, we have to wring every bit of value out of every asset. So when I started to do the speaking (i.e., Meetup) circuit in the Chicagolands, I needed to have additional capabilities. Specifically, I needed a good presentation platform. That meant having a good laptop, a good traveling network infrastructure, and a good projector.

In most small and medium-sized businesses, I only have to bring my laptop. The network and the projector are usually provided by the host. And this is the same for large venues; there is almost always network infrastructure and a projector. But this is not the case for one of my upcoming presentations.

The venue for this presentation will be a room in a local pub. My host is graciously providing a projector. And the venue may or may not have wireless networking. But since my presentation is about security and privacy, I really didn’t want to run my presentation across an ill-secured public hotspot. So I decided that I wanted to bring my own network to the venue.

This could have been done in one of several ways.

  • Purchase a new router with an embedded mobile network interface: While working for major corporations, I would have just requisitioned what I needed. But I no longer have an infrastructure budget of my own. So every purchase must be connected to a real revenue opportunity. And many of my presentations are now for lead generation. So this option was a non-starter.
  • Re-purpose an old wireless router (that is in our office inventory): Since the router is big, it might have been quite impressive. It’s not a rack-mounted device. But it is bulky. And it doesn’t have built-in mobile network access.
  • Purchase a mobile hotspot: I may do that at some point. But since this is a meetup function, it made no sense to acquire new corporate or personal funds for a network device, an access contract, or a pre-paid SIM.
  • Build our own mobile hotspot: I consulted our asset inventory and found an unused mobile phone. It was an old Nexus 6p that I had used while working for a carrier. It is an existing asset. And we do have unlimited data plans. So it would be possible to temporarily move an existing SIM to this device. Since this solution meant zero incremental capital or expense investments, I decided to pursue this option. After all, I could always purchase a solution after I tried this option.

The Pixel Experience

I had two phones that I could use. One is my Samsung Galaxy S8+. The other is a Nexus 6p (from Huawei). I needed one phone to be the hotspot and the other phone would then be the device that I would display on the projector. It would have been nice to do both on the same phone. Unfortunately, the builtin hotspot capability turns off the builtin screen casting. Could I have paid for a presentation app that would have done this? I probably could have. But I wanted a stock experience as much as possible. Since all of my mobile phone privacy apps are all on my “daily driver” (the Samsung S8+), I decided to use the Nexus 6p as the hotspot platform.

I took a few hours and I rebuilt the Nexus 6p. Specifically, I decided to upgrade the phone to a build that would support Android Pie (i.e., Android 9.x). I did this to ensure that I would get the latest hotspot software from the Android team. Then I swapped SIM cards so that I could use my T-Mobile unlimited data on my “presentation” hotspot. Apart from a few hiccups that I encountered while unlocking the bootloader, the process was remarkably simple. When I was done, I had a shiny new Nexus 6p running the Pixel Experience ROM (featuring Android Pie).

Bottom Line

When you need “economy class” services, you can still find distinctiveness. A good company provides economic value to its customers while not sacrificing the personal touches. We did this for ourselves when we leveraged existing gear in innovative ways. You can do this for yourself by selecting technology experts who share your desire to provide high quality to your customers while leveraging the best value at hand.

Broadband Haircut: Economics Meets Technology

Cutting the cord is a dramatic step - and a complicated one.
Cord Cutting Can Be Dangerous

I love it when I can blend my passion (for technology) and my training (in economics). Over the past six weeks, I’ve been doing just that – as I’ve tried to constrain household Internet usage. Six weeks ago, we began a voyage that has been years in the making: we’ve finally given ourselves a ‘broadband haircut’. And the keys to our (hopeful) success have been research, data collection, and data analysis.

Background

We have been paying far too much for broadband data services. And we’ve been doing this for far too many years. For us, our broadband voyage started with unlimited plans. Unlike most people, I’ve spent many years in the telecom business. And so I’ve been very fortunate to pay little (or nothing) for my wireless usage. At the same time, most household broadband was priced based upon bandwidth and not total usage. So we have always made our decisions based upon how much peak data we required at any given point in time.

But things are changing – for myself and for the industry.

First, I no longer work for a telecom. Instead, I work for myself as an independent consultant. So I must buy wireless usage in the “open” marketplace. [Note: The wireless market is only “open” because it is run by an oligopoly and not by a monopoly.]

Second, things have changed in the fixed broadband marketplace. Specifically, sanctioned, local access “monopolies” are losing market – and revenue. There is ample evidence to unequivocally state that cable companies charge too much for their services. For many years, they could charge whatever they wanted as long as they kept the local franchise in a particular municipality. But as competition has grown – mostly due to new technologies – so has the eventual downward pressure on cable revenues.

Starting a few years ago, cable companies started to treat their fixed broadband customers just as wireless operators have treated their mobile customers. Specifically, they started to impose data caps.  But for many long-term customers, they just kept paying the old (and outrageously high) prices for “unlimited” services.

“But the times, they are a changin’.”

Cord Cutting Has Increased Pressure

As more and more content delivery channels are opening up, more customers are starting to see that they are paying far too much for things that they don’t really want or need. How many times have you wondered what each of the ESPN channels is costing you? Or have you ever wondered if the H&G DIY shows are worth the price that you pay for them?

Many people have been feeling the way that you must feel. And for some, the feelings of abuse are intolerable. Bundling and price duress have infuriated many customers. Some of those customers have been fortunate to switch operators – if others are available in their area. Some customers have just cut the cord to bundled TV altogether.

And this consumer dissatisfaction has led to dissatisfaction in the board rooms of most telecom companies. But instead of reaching out to under-served customers and developing new products and new markets (both domestic and overseas), most telecom executives are looking for increases in “wallet share”; they are trying to bundle more services to increase their revenue. Unfortunately, the domestic markets are pretty much tapped out. “Peak cable” is upon most operators.

Nevertheless, some boards think that punishing their customers is the best means of revenue retention. Rather than switching to new products and new services, some operators have put debilitating caps on their customers in the hopes that they can squeeze a few more dollars from people that are already sick and tired of being squeezed. The result will be an even further erosion of confidence and trust in these corporations.

Making It Personal

Six weeks ago, we decided that it was time to cut the cord. We’ve been planning this for eighteen months. However, we had a contract that we needed to honor. But the instant that we dropped off our set top devices at Comcast, they brought out their real deals. In a matter of moments, we had gone from $125 per month (w/o fees) to $50 per month (w/o fees). So we took that deal – for one year. After all, we would be getting almost the same bandwidth for a tremendously reduced price. Ain’t competition grand?

But like most people, we didn’t know how much data we used while we were on an ‘unlimited’ plan. And in fairness, we didn’t care – until we started to see just how much data we were using. Bottom line: Once we had to pay for total consumption (and not just for peak consumption), we started to look at everything that would spin the consumption ‘meter’. And when we got the first email from Comcast indicating that we had exceeded their artificial, one terabyte (per month) cap [that was buried somewhere deep within the new contract], we began a frantic search for ‘heavy hitters’.

Make Decisions Based Upon Data
Pi-hole data points the way.
DNS Data

Our hunt for high-bandwidth consumers began in earnest. And I had a pretty good idea about where to start. First, I upped my bet on ad blocking. Most ad blockers block content after it has arrived at your device. Fortunately, my Pi-hole was blocking ads before they were downloaded. At the same time, I was collecting information on DNS queries and blocked requests. So I could at least find some evidence of who was using our bandwidth.

Pi-hole identifies largest DNS consumers.
Pi-hole Data: Biggest Ad Conveyors

After a few minutes of viewing reports, I noted that our new content streaming service might be the culprit. But when we cut the cord on cable TV, we had switched to YouTube TV (YTTV) on a new Roku device. And when I saw that device on the ‘big hitter’ list, I knew to dive deeper. I spent a few too many hours ensuring that my new Roku would not be downloading ad content. And after a few attempts, I’ve finally gotten the Pi-hole to block most of the new advertising sources. After all, why would I want to pay traffic fees for something that I didn’t even want!

The Price Of Freedom Is Eternal Vigilance

As is often the case, the first solution did not solve the real problem. Like President G.W. Bush in Gulf War II, I had prematurely declared success.  So I started to look deeper. It would have helped if I had detailed data on just which devices (and clients) were using what amounts of bandwidth.  But I didn’t have that data. At least, not then. Nevertheless, I had a sneaking suspicion that the real culprit was still the new content streamer.

Daily usage data shows dramatic usage reductions after solving Roku shutdown problem.
DD-WRT Daily Usage

After a whole lot of digging through Reddit, I learned that my new Roku remote did not actually shut off the Roku. Rather, their ‘power’ button only turned off the television set. And in the case of YouTube TV, the app just kept running. Fundamentally, we were using the Roku remote to turn the TV off at night – while the Roku device itself kept merrily consuming our data on a 7×24 basis.

The solution was simple: we had to turn off YouTube TV when we turned off the TV. It isn’t hard to do. But remembering to do it would be a challenge. After all, old habits do die hard. So I took a piece of tech from the electrical monopoly (ConEd) to solve a problem with the rapacious Internet provider.  A few months ago, we had an energy audit done. And as part of that audit, we got a couple of TrickleStar power strips. I re-purposed one of those strips so that when the TV was turned off, the Roku would be turned off as well.

What’s Next?

Now that we have solved that problem, I really do need to have better visibility on those things that can affect our monthly bill. Indeed, the self-imposed ‘broadband haircut’ is something that I must do all of the time. Consequently, I need to know which devices and applications are using just how much data. The stock firmware from Netgear provides no such information. Fortunately, I’m not running stock firmware. By using DD-WRT, I do have the ability to collect and save usage data.

To do this, I first need to attach an external USB  drive to the router. Then I need to collect this data and store it on the external drive. Finally, I need to routinely analyze the data so that I can keep on top of new, high-bandwidth consumers as they emerge.

Bottom Line

Economics kicked off this effort. Data analysis informed and directed this effort. With a modest investment (i.e., Pi-hole, DD-WRT, an SSD drive, and a little ingenuity), I hope to save over a thousand dollars every year.  And I am not alone. More and more people will demand a change from their operators – or they will abandon their operators altogether.

If you want to perform a similar ‘broadband haircut’, the steps are easier than they used to be. But they are still more difficult than they should be. But there is one clear piece of advice that I would offer: start planning your cable exit strategy.

Alexa Dominance: Who Can Compete?

Alexa Dominance
Amazon Echo devices now have a foothold in most American homes.

Voice control is the ‘holy grail’ of UI interaction. You need only look at old movies and television to see that voice is indeed king. [For example, the Robinson family used voice commands to control their robot. And Heywood Floyd used voice as his means of teaching and communicating with HAL.] Today, there are many voice assistants available on the market. These include: Amazon Alexa, Apple Siri, Google Assistant (aka Google Home), Microsoft Cortana, Nuance Nina, Samsung Bixby, and even the Voxagent Silvia.  But the real leaders are only now starting to emerge from this crowded market. And as of this moment, Alexa dominance in third-party voice integration is apparent.

Apple Creates The Market

Apple was the first out-of-the-gate with the Apple Siri assistant. Siri first arrived on the iPhone and later on the iPad. But since its introduction, it is now available as part of the entire Apple i-cosystem. If you are an Apple enthusiast, Siri is on your wrist (with the watch). Siri is on your computer. And Siri is on your HomePod speaker. It is even on your earbuds. And in the past six months, we are finally starting to see some third-party integration with Siri.

Amazon Seizes The Market

Amazon used an entirely different approach to entrench its voice assistant. Rather than launch the service across all Amazon-branded products, Amazon chose to first launch a voice assistant inside a speaker. This was a clever strategy. With a fairly small investment, you could have an assistant in the room with you. Wherever you spent time, your assistant would probably be close enough for routine interactions.

This strategy did not rely upon your phone always being in your pocket. Unlike Apple, the table stakes for getting a voice assistant were relatively trivial. And more importantly, your investment was not limited to one and only one ecosystem. When the Echo Dot was released at a trivial price point (including heavy discounts), Alexa started showing up everywhere.

From the very outset, an Amazon voice assistant investment required funds for a simple speaker (and not an expensive smartphone). You could put the speaker in a room with a Samsung TV. Or you could set it in your kitchen. So as you listened to music (while cooking), you could add items to your next shopping list. And you could set the timers for all of your cooking. In short, you had a hands-free method of augmenting routine tasks. In fact, it was this integration between normal household chores coupled with the lower entry price that helped to spur consumer purchases of the Amazon Echo (and Echo Dot).

A second key feature of Amazon’s success was its open architecture. Alexa dominance was amplified as additional hardware vendors adopted the Alexa ecosystem. And the young Internet-of-Things (IoT) marketplace adopted Alexa as its first integration platform. Yes, many companies also provided Siri and Google Assistant integration. But Alexa was their first ‘target’ platform.

The reason for Alexa integration was (and is) simple: most vendors sell their products through Amazon. So vendors gained synergies with their main supplier. Unlike the Apple model, you didn’t have to go to a brick and mortar store (whether it be the Apple Store, the carriers’ stores, or even BestBuy/Target/Walmart). Nor did a vendor need to use another company’s supply chain. Instead, they could bundle the whole experience through an established sales/supply channel.

Google Arrives Late To The Party

While Apple and Amazon sparred with one another, Google jumped into the market. They doubled-down on ‘openness’ and interoperability. And at this moment, the general consensus is that the Google offering is the most open. But to date, they have not gained traction because their entry price was much higher than Amazon’s. We find this to be tremendously interesting. Google got the low price part down when they offered a $20-$30 video streamer.

But with the broader household assistant, Google focused first upon the phone (choosing to fight with Apple) rather than a hands-free device that everyone could use throughout the house. And rather than follow the pricing model that they adopted with the Chromecast, Google chose to offer a more capable (and more expensive) speaker product. So while they used one part of the Amazon formula (i.e., interoperability), they avoided the price-sensitive part of the formula.

Furthermore, Google could not offer synergies with the supply chain. Consequently, Google still remains a third-place contender. For them to leap back into a more prominent position, they will either have to beat ‘all-comers’ on price or they will have to offer something really innovative that the other vendors haven’t yet delivered.

Alexa Dominance

Amazon dominance in third-party voice integration is apparent. Not only can you use Alexa on your Amazon ‘speakers’, you can use it on third-party speakers (like Sonos). You can launch actions on your phone and on your computer. And these days, you can use it with your thermostat, your light bulbs, your power sockets, your garage door, your blinds, and even your oven. In my case, I just finished integrating Alexa with Hue lights and with an ecobee thermostat.

Bottom Line

Market dominance is very fleeting. I remember when IBM was the dominant technology provider. After IBM, Microsoft dominated the computer market. At that time, companies like IBM, HP, and Sun dominated the server market. And dominance in the software market is just as fleeting. Without continually focusing on new and emerging trends, leadership can devolve back into a competitive melee, followed by the obsolescence of the leader. Indeed, this has been the rule as dominant players have struggled to maintain existing revenue streams while trying to remain innovative.

Apple is approaching the same point of transition. Their dominance of the phone market is slowly coming to an end. Unless they can pivot to something truly innovative, they may suffer the same fate as IBM, Sun, HP, Dell, Microsoft, and a host of others.

Google may be facing the same fate – though this is far less certain. Since Google’s main source of revenue is ‘search-related’ advertising, they may see some sniping around the edges (e.g., Bing, DuckDuckGo, etc). But there is no serious challenge to their core business – at this time.

And Amazon is in a similar position: their core revenue is the supply chain ‘tax’ that they impose upon retail sales. So they may not see the same impact on their voice-related offerings. But they dare not rest upon their laurels. In candor, the Amazon position is far more appealing than the Google position. The Amazon model relies upon other companies building products that Amazon can sell. So interoperability will always be a part of any product that Amazon brands – including voice assistants. 

Only time will sort out the winners and losers. And I daresay that there is room enough for multiple ‘winners’ in this space. But for me, I am now making all of my personal and business investments based upon the continued dominance of Alexa.

Home Automation “Quest for Fire”


This weekend, we took another step in our home automation quest. We have used smart switches (for lamps), smart thermostats, smart music, smart cars, and even smart timers. But until Saturday, we did not have any smart lights, per se. On Saturday, we bought some Philips Hue lights (and the associated hub). That means that we now have Ethernet (i.e., wired) devices, Wifi devices, and now Zigbee devices.

Is this a big deal? The answer to that is somewhat nuanced. We’ve had smart home puzzle pieces for a while. And we almost bought a Z-Wave infrastructure to put smart switches in place. But the age of our house makes this impractical. [We don’t have neutral wires on any switches in the house. And the price to refurbish these switches would be prohibitive.] So our home automation quest stalled. But on Saturday, I could take it no more. When we went out on errands, we stopped and picked up five (5) Hue lights.

Just Add Lights

The installation and setup was simple. It took almost no time to get everything installed and paired. And within a little more than an hour, we had functioning lights in the second floor hallway and in our master bedroom. Over the next year, we can start to populate the various ceiling fans in the house. I figure that we can do this whenever we need to replace the incandescent bulbs that are currently installed. Given our current pace of replacement, I’m figuring that it will take a year or so to retrofit the house.

After getting everything installed, I started to make an inventory of our various smart home investments. As of today, we have the following pieces:

Current “On-Premises” Infrastructure

Today, we have so many physical (and logical) pieces in our home automation puzzle:

  • Network: Cisco network switch, Cisco VPN appliance, Netgear router, NordVPN proxy, Raspberry Pi ad blocking, Raspberry Pi DNS
  • Print: Hewlett-Packard printer
  • Entertainment: Plex media server (on PC desktop), Roku media player, Samsung TV, Silicon Dust HDHomeRun player
  • Storage: Synology storage, WD MyCloud storage
  • IoT: Amazon Echo Dot speakers, Huawei sensor/camera (on surplus phone), Kia Soul, Personal location / presence (on personal phones), Philips Hue lights, Raspberry Pi home automation appliance, TP-Link Kasa switches, WeightGURUS scale

Current “Off-Premises” Services

While we have lots of smart pieces in the house, we also have more than a few external cloud services providers. In most of these cases, these services allow us to extend “access” beyond the confines of our network. Our current list of services includes:

  • Lobostrategies Business: Bluehost, GoDaddy
  • Olsen Personal: Amazon Alexa, Dropbox, Google Drive, Google GMail, Home Assistant cloud, IFTTT cloud, Plex cloud, Pushbullet cloud, TP-Link Kasa cloud, WD MyCloud

So after adding yet another home automation “category” to the premises, we learned an important lesson: external access requires a measure of trust – and diligence. If you aren’t willing to secure your devices, then you must accept the consequences of an electronic intrusion.

Security Theater at Black Hat 2018


Security is a serious business. And revealing unknown flaws can make or break people – and companies. This is especially true in the healthcare industry. As more health issues are being solved through the use of implantable technologies, security issues will become even more important. But when do “announcements” of implant vulnerabilities go from reasonable disclosure to security theater?

When my wife sent me a link to a CNBC article entitled “Security researchers say they can hack Medtronic pacemakers”, I took notice. As posted previously, I have been a cyborg since July 2002. And in 2010, I received a replacement implant. At the time, I wondered whether (or if) these devices might be hacked. After all, these devices could be programmed over-the-air (OTA). Fortunately, their wireless range was (and still is) extremely limited. Indeed, it is fair to say that these devices have only “near-field communications” capability. So unless someone could get close to a patient, the possibility of a wireless attack is quite limited.

But as technology has advanced, so too have the threats of exploitation. Given recent technology advances, there was a fair chance that my device could be hacked in the same way that NFC chips in a mobile phone can be hacked. In fact, when I cross-referenced the CNBC article with other articles, I saw a picture of the very same programmer that my cardiologist uses for me. It was the very same picture (from Medtronic) that I had posted on my personal blog over eight years ago. So as I opened the link from my wife, my heart was probably beating just a little more quickly. But I was relieved to see that CNBC was guilty of succumbing to the security theater that is Black Hat Vegas.

In this case, the Black Hat demonstrators had hacked a “programmer” (i.e., a really fancy laptop that loads firmware to the implantable device). The demonstrators rightfully noted that if a ‘bad actor’ wanted to injure a specific person, they could hack the “programmer” that is in the doctor’s office or at the hospital. And when the electro-physiology tech (EPT) did a “device check”, the implanted device (and the patient) could be harmed.

This is not a new risk. The programmer (i.e., laptop) could have been hacked from the very start. After all, the programmer is just a laptop with medical programs running on it. It is altogether nothing fancy.

The real risk is that more and more device-assisted health treatments will emerge. And along with their benefits, these devices will come with some risks. That is true for all new technologies – whether medical or not. There is a risk of bad design, or software bugs, or poor installation, or inattention to periodic updates. And there is a risk that this technology might be exploited. Of course, the fact that a pacemaker might be subject to failure during an EMP does not mean that the device should never be used.

It’s just a risk.

Fortunately, this is no different than the countless number of risks that we take every day. We trust car designers, driving instructors, other drivers, and even the weather forecasters whenever we drive our cars. And the threat that our cars are run by computers – and can necessarily be hacked – doesn’t prevent everyone from driving. 

Let’s leave the security theater in Vegas. And let’s leave the paranoia to professionals – like Alex Jones.


5G: Qualcomm Takes One Step Closer

5G wireless is one step closer to reality. AT&T and Verizon have made huge investments in millimeter-wave (mmWave) radio spectrum (e.g., 28GHz and 39GHz). Sprint and T-Mobile have placed their bets on existing spectrum below 6GHz (i.e., “sub-6”) radio spectrum. A huge step towards the 5G aspirations of these two camps was made yesterday when Qualcomm announced its mmWave and sub-6 antenna modules.

Now that these modules are formally available, handset designers and producers will accelerate their movement towards these pivotal 5G technologies. Don’t expect everything to shift to 5G by the end of this year. But you should expect that handsets being developed for launch next year will begin to feature 5G capabilities.

In the meantime, expect to see niche offerings. Based upon published plans by the carriers/operators, the first products featuring 5G will probably take the form of “pucks” that will provide a “semi-fixed” wireless connection. What does “semi-fixed” mean? Simple. You won’t carry these things in your pocket; they won’t be a mobile phone. You will set them up so other devices can connect to them. I expect these fixed wireless solutions to start showing up in households or in the briefcases of road warriors.

Will these “hotspot” use cases dominate the residential and/or mobile office space? They will not dominate any market in 2018. I do expect that the early adopter crowd will jump on board in the first half of 2019. But I don’t expect widespread adoption (beyond 10%) until 2019. Nevertheless, these un-tethered back haul connections will be a substantive challenge to the cable operators. Specifically, the cord-cutters (who want wireless connectivity without content bundling) will jump on these connectivity devices – assuming that the operators price them appropriately.

In the final analysis, yesterday’s announcement by Qualcomm outlines the future. And the future will be 5G. But one question remains: which team will win?

Lorin’s Prediction: The millimeter wave crowd will win in the fixed wireless challenge to cable companies. And since the mmWave build-out is starting in dense urban settings, I think that AT&T and Verizon will clean up in urban centers. For the rest of the markets, the sub-6 enthusiasts will garner more market share – until the 5G tower build-out is complete. And the sub-6 crowd will register early wins in the mobile wireless use cases. But the real fun will begin when mmWave and sub-6 antenna modules are in every device – whether mobile or fixed. Then we will see who secures the future markets.

A Very Samsung Summer

It’s been a Samsung kind of month here at the castle. First it was the Galaxy Tab. Then we added a Samsung refrigerator. Finally, we ended up buying a second Samsung TV.
Why did we need another TV? Well, our second daughter has started a job in Chanute, Kansas as an assistant basketball coach. She is having a wonderful start to the new school year. But she is obviously moving out of our house and into her own apartment. That is great. We are so proud of her.
But there are two challenges (one practical and one emotional) that this transition brings. The practical challenge is that Dana needed a TV. Cindy and I had talked about putting an LED/LCD screen in our bedroom (to replace a seven-year-old tube system). Since there needed to be a +1 purchase somewhere, we chose to give our daughter the older system so we could buy a new system.
The device we chose was a 40″ LED/LCD panel from Samsung. We already had a huge Samsung TV in our main living room. And we have loved that device. So buying another Samsung TV was a natural next step. And this time, I made sure that it would work with the DLNA infrastructure that is now throughout the house.
After getting the TV set up yesterday, I’ve been setting up a robust DLNA complex using Twonky Media. I have used Twonky in the past (with my Western Digital external hard drive). So I just bought and installed the full product on my media PC. Once I set the server up properly, I have been able to stream stuff stored anywhere in the house. And since I’ve stored all my favorite movies in digital form, it is stunningly simple to pull up any of my favorite movies either on the TV, the tablet or my mobile phone.
That took care of the first challenge. The second challenge won’t be as easy to address. Now that Dana is setting up her own apartment, she rightfully wants her own daughter to be with her. I love Dana’s sense of responsibility – and her devotion to Jayden. But it means that Jayden will no longer be living here with Cindy and me. So while we are proud of Dana, I am so terribly saddened that I won’t be seeing Jayden’s beautiful smile or hearing her infectious laugh each and every day. I can only imagine the loneliness and loss that Dana felt while she was separated from her daughter for the past two years.
I don’t think that we can solve the second challenge by buying anything or by performing some kind of technical configuration. This one can only be solved with time and with the comforting knowledge that Jayden (and Dana) are starting off on a new and exciting journey – and we will always be along to help and to share in both the burdens and the joy.
-Roo

From Uber-Geek to…Corporate Wonk?

It is always good to see when talent is rewarded. So many of us began our careers very humbly. I started my career by building my own PC. [When I started, you were forced to solder them yourself. And most folks were using CP/M (from Digital Research).] Still others gained their notoriety by being public hackers (some more ethical than others).
Recently, the term “hacker” has been blurred with the term “geek” (not to be confused with the term “nerd”). There have been some fabulous hackers who are very dedicated to the platforms that they “expanded” (through their often unauthorized projects). I still remember many of the Windows Mobile geeks based upon their work on various “kitchens” (i.e., the collection of tools they used to “cook” their products). While I don’t remember any of their real names, their pseudonyms are still memorable.
Many of the early mobile hackers moved on to work for carriers or for handset vendors. They moved from their hacker lifestyle into their corporate lifestyle as effortlessly as changing a suit of clothing. Basically, they morphed from pop stars (in small circles) to anonymous contributors in a much larger lake.
But it is far harder to make those kinds of transitions into anonymity these days. First, the exceptional hackers are elevated to an elite (and very public) status. Today, the application of cred points is done by a community in a social media setting (e.g., Twitter, Google+, etc). And it is also far more difficult to fade away from your past. Today, every word you speak is recorded, parsed, analyzed and used in your next job interview.
Nevertheless, it is still possible to make the jump into mainstream.
A few weeks ago, Samsung hired Steve Kondik (aka, cyanogen). Now, Apple has hired Nicholas Allegra (aka, comex). While I am glad that big companies are looking beyond their own short-sighted misgivings to recognize real talent, I am even happier that exceptional talent will be put to exceptional use in the industry. Let’s welcome Steve and Nicholas to the next phase of their careers/lives.
-Roo

Me and My Tablet

It’s been twenty-one days since I bought my Samsung Galaxy Tab 10.1 device. And in that time, the tab and I have been through a lot. We’ve had to replace the Zagg screen protector twice. We’ve shared a firmware upgrade (courtesy of the talented Samsung support team). We’ve even solved a DHCP problem with a Belkin router at my office. Throughout that time, we’ve shared many apps (free and paid). All in all, we are becoming quite a couple.
After suffering a lot of anxiety about how we would relate to each other should we take “the ultimate step” in our relationship, we finally set aside any emotional baggage and cemented our relationship. Last night, I rooted my best tablet. By taking this ultimate step in commitment, we are reluctantly saying “goodbye” to direct support from Samsung. But I have high hopes that Steve Kondik (CyanogenMod creator who just joined Samsung) may help to create a new relationship between Samsung, its products and its customers.
-Roo