Lead the Charge Against More Advanced APIs

I received a conference solicitation with the provocative title of “Lead the Charge Against More Advanced APIs”. You could register and:

Add to your skills to defend against genuinely advanced cyber attackers employing a myriad of methods such as DDoS, DNS and API … Gain tools and insights that can help you protect enterprises from more advanced APIs

I suppose that I should be kind and refrain from making fun of the copywriter. On the other hand, I really hope that this imprecision is not catching.

Hint to future copywriters on security topics: DNS is a service, APIs are interfaces, they can be attacked, they are not attacks or attack methods.

Coin: I’m in (pre-order)

Like a few others, I’m pre-ordering a Coin. I could use a thinner wallet with fewer cards in it. It’s a product that solves a real problem, and the half-off pre-order price is right.

A joy to be held

By day, I manage a bunch of very talented software developers, and along the way I get to run our software on a wide variety of mobile devices. I like the creativity and innovation of our industry. I thought I’d offer a review of some current products and point out the things I find delightful. This isn’t intended to be a systematic comparison; I’m just highlighting the particular things I like.

Wow

  • Right now, the Motorola Moto X is the one current device that strikes me as downright pleasant every time I pick it up. The curve of the back and the rubbery texture make it feel really thin but easy to hold. It feels like a mini — my thumb reaches everywhere, just like the iPhone 5 commercial — but that’s a 4.7″ screen with tiny bezel. I find the voice recognition clever and I like the innovation expressed in the second processor always-on architecture that supports it. The camera double-twist gesture feels clever too.
  • It reminds me of the Kindle E-Ink devices, and even now, every time I pick up our old Kindle Keyboard, I still marvel at the lightness of the form and the pleasant experience. I know how out-of-date our old one is but, nonetheless, it’s the beginning of a beautiful series of devices. (The Kindle Fire tablet devices are OK, but the heavier weight, squarish edges, and hunting for buttons leaves them out of my “wow” category.)

Honorable Mentions

  • The LG G2 is another thin large (5.2″) narrow-bezel screen that still feels pocket size, not a purse-size phablet. The high-contrast skinning is pretty good and a little different. They took a risk with the buttons on back (I’d prefer them further from the camera).
  • Indeed, the Apple iPhone 5/5s/5c is a well-balanced device, also in the mini class by today’s standards. Beautiful display. As a developer, I enjoy the lack of fragmentation due to single-vendor support of old devices and a forced march to update the operating system. Mature APIs especially in the audio area are a big help, especially for VoIP app developers.
  • The Samsung Galaxy S4 is a workhorse. There’s nothing to dislike. I like large screens, and a plastic back doesn’t bother me. I tend to favor simplifying my life with the Google Edition. I know that many people favor metal backs as evidence of “build quality”, but I don’t get it. (The HTC ONE is a fine device if that’s important to you.)

The evil CARB-compliant gas can

How Government Wrecked the Gas Can

“Hmmm, I just hate how slow these gas cans are these days,” he grumbled. “There’s no vent on them.”

That sound of frustration in this guy’s voice was strangely familiar, the grumble that comes when something that used to work but doesn’t work anymore, for some odd reason we can’t identify.

I’m pretty alert to such problems these days. Soap doesn’t work. Toilets don’t flush. Clothes washers don’t clean. Light bulbs don’t illuminate. Refrigerators break too soon. Paint discolors. Lawnmowers have to be hacked. It’s all caused by idiotic government regulations that are wrecking our lives one consumer product at a time, all in ways we hardly notice.

Smart endpoints, complaint aggregators, carrier support, and real-time interfaces for law enforcement: A solution for the 2013 FTC Robocall Challenge

Submitted to the FTC Robocall Challenge on January 15, 2013

Overview

I propose a system comprised of smart endpoints and complaint aggregators, with interfaces to carriers and law enforcement, partially supported by bounties from successful prosecutions.

Benefits from this system accrue to all parties:

  • Smart endpoint hardware and software near consumers provides call screening features in a simple comprehensible manner (from the consumer point-of-view, an answering machine plus screening features). Building in flexibility allows the system to remain nimble as techniques become more sophisticated. Smart endpoints can capture complete audio data, compute audio fingerprints, and make classification decisions based on both content and metadata.
  • Complaint aggregation services benefit from a stream of prompt data in high volume. Beneficiaries of that aggregated data include law enforcement personnel and prosecutors, who can prioritize investigations by volume, and build stronger cases with high incident counts that are well-documented, supporting higher fines from successful prosecutions.
  • Interfaces between endpoints, carriers, and complaint aggregators enable the use of live call transfers as one of the call rejection mechanisms. Benefits include improved opportunities for call tracing, and selective automation-supported transfer of calls to law enforcement for identifying qualifiers and telemarketers.
  • Financial incentives from sharing bounties on successful prosecutions give at least a psychological/marketing boost to the entire system. There is some history for bounties in the U.S, in the form of qui tam litigation. Naming the endpoints “privateers” and noting the history of letters of marque is one evocative way to market the concept to consumers. Who doesn’t want to own a privateer protecting their privacy?

Details

The consumer point of view

The smart endpoint is easily comprehended as an answering machine PLUS:

  • Easy call block (one-press blacklist) and call enable (whitelist)
    • Implementation: Blacklist with simple sequence such as “*#” or long-press-* or long-press-#. Whitelist via memory of outbound calls. The typical set of answering machine features is also provided.
  • Automatic screening and classification into ring-through or take-a-message with automatic classification into an inbox or a suspicious box.
  • Like the current generation of call screening, some use of Caller ID is not ruled out, though clearly it is not definitive for robocall identification. Mainly Caller ID may be useful for classification of legal unwanted calls, since legal callers have no need to hide their source. Legal callees have every right to ignore high-volume unwanted calls despite their illegality. Even forged Caller ID data may be useful as weak evidence if callers exhibit any predictable geographic or bogus forgery preferences.
  • Take-a-message behavior includes a CAPTCHA to add one more bit of evidence. I assert that “dial 23 to leave a message” is barely distinguishable from “leave a message after the tone” in annoyance level. (A minor disagreement with Mr Schulzrinne’s seminar presentation on “The Network”.)
  • Easy after-the-fact blocking (manual classification) while listening to recorded messages
  • Handles all unwanted calls: illegal robocalls or unwanted legal calls (Note: This is my definition of optimum behavior — the consumer gets to define “unwanted”.)
  • Low probability of false positives since CAPTCHA can take a message and mark it less-suspicious
  • Incentives: reporting incidents offers consumers:
    • Valuable prizes: opportunity for share of proceeds from prosecution
    • satisfaction of getting a caller blocked on your friends’ phones
    • know that the reports of others are contributing to the quality of your classifier

Behind the scenes, this endpoint can:

  • Send unwanted call data (recorded audio and/or acoustic fingerprints, caller ID) to complaint aggregator
  • Use crowdsourced collaborative filtering data from complaint aggregator to improve classification
    • pre-filing
    • post-filing
  • Transfer live calls (classified as unwanted) via carrier for live call tracing or human investigation, while passing incident and classification information out-of-band to the complaint aggregator so it can be shared immediately with cooperating law enforcement systems.

The system point of view

Complaint Aggregators can:

  • Collect high-quality unwanted call data, including:
    • recorded audio and/or derived data such as acoustic fingerprints, speech to text, or vocoder-based representations
    • evidence from CAPTCHA success/failure
    • evidence from human consumer’s manual classification
  • Offer to share valuable prizes when aggregated evidence contributes to prosecutions.

Carriers can:

  • Provide support for transferred calls from consumer endpoints, for live call tracing, or for transfer to live law enforcement investigators so qualifiers and telemarketers can be identified.
    • Implementation: Like current carrier switches that support call transfer via flash-dialcode-phonenumber, carriers could also support call transfers with an opaque incident number included in the dialing sequence. The opaque incident number could be passed to the destination as DNIS (dialed number) information, and this small datum could be a (aggregator#,incident#) key that would allow systems with access to aggregator data to immediately look up incident data (which was transmitted to aggregators out of band).
  • Offer the consumer endpoint features as a hosted IVR service instead of customer premise equipment
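
The (aggregator#,incident#) key carried as DNIS digits can be sketched as follows. This is an added example, not part of the original submission: the field widths, the per-aggregator shared key, the short HMAC-derived tag that lets the receiving side reject mistyped or made-up incident numbers, and all sample data are assumptions.

```python
import hashlib
import hmac
from typing import Optional

# Field widths are assumptions for this sketch; the proposal fixes none.
AGG_DIGITS, INC_DIGITS, TAG_DIGITS = 3, 8, 4
TOTAL_DIGITS = AGG_DIGITS + INC_DIGITS + TAG_DIGITS

def _tag(key: bytes, body: str) -> str:
    """Short decimal integrity tag: truncated HMAC-SHA256 over the key digits."""
    mac = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10**TAG_DIGITS
    return f"{value:0{TAG_DIGITS}d}"

def encode_incident(aggregator: int, incident: int, key: bytes) -> str:
    """Endpoint side: digits appended to the call-transfer dialing sequence."""
    if not 0 <= aggregator < 10**AGG_DIGITS or not 0 <= incident < 10**INC_DIGITS:
        raise ValueError("aggregator or incident number out of range")
    body = f"{aggregator:0{AGG_DIGITS}d}{incident:0{INC_DIGITS}d}"
    return body + _tag(key, body)

def decode_dnis(dnis: str, keys: dict) -> Optional[tuple]:
    """Receiving side: return (aggregator, incident), or None if the digits
    are malformed, name an unknown aggregator, or carry a wrong tag."""
    if len(dnis) != TOTAL_DIGITS or not (dnis.isascii() and dnis.isdigit()):
        return None
    body, tag = dnis[:-TAG_DIGITS], dnis[-TAG_DIGITS:]
    aggregator, incident = int(body[:AGG_DIGITS]), int(body[AGG_DIGITS:])
    key = keys.get(aggregator)
    if key is None or not hmac.compare_digest(_tag(key, body), tag):
        return None
    return aggregator, incident

def resolve_transfer(dnis: str, keys: dict, incidents: dict) -> Optional[dict]:
    """Look up the incident record that the endpoint sent out of band."""
    key = decode_dnis(dnis, keys)
    return incidents.get(key) if key else None

# Constructed sample data: one aggregator key and one incident record.
SAMPLE_KEYS = {7: b"constructed-demo-key"}
SAMPLE_INCIDENTS = {
    (7, 1234): {"caller_id": "555-0100", "captcha_passed": False,
                "classification": "suspicious"},
}

if __name__ == "__main__":
    digits = encode_incident(7, 1234, SAMPLE_KEYS[7])
    print(digits, resolve_transfer(digits, SAMPLE_KEYS, SAMPLE_INCIDENTS))
```

A four-digit tag only filters out typos and casual guessing; a longer dial string or validation on the aggregator side would be needed for anything stronger.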

The law enforcement and prosecutor point of view

Complaint aggregators provide a high-quality stream of evidence:

  • verifiable audio recordings
  • automatic prompt high-volume clustering of identical robocall messages

Carrier forwarding of live calls includes:

  • opportunity for more information from network tracing of live calls,
  • opportunity for insertion of human investigators into robocall-initiated calls to collect information from qualifiers and telemarketers
    • automatic clustering based on initial robocall message provides opportunity to prioritize high-volume known offenders for live call transfer to human investigators

Therefore law enforcement is more likely to identify the actual source of illegal calls, and prosecutors have a strong record of high volume incidents supporting a case for high fines.

Interfaces among providers of these components and services are important

Smart endpoints and complaint aggregator services would be likely to be tightly integrated, as rapid nimble new feature development is important, so single-vendor suppliers of both would benefit from coordination between endpoint features and back-end database and computation features. But a competitive market including multiple endpoint/aggregator providers would be more healthy than a single source. Each supplier could implement a closed proprietary system and could innovate as rapidly as they want.

Law enforcement systems and personnel would want a common interface to multiple complaint aggregators and multiple carriers. Some simple general interfaces for pulling evidence from aggregators and carriers in real time would limit implementation on the law enforcement side without slowing down the innovation on the data collection side.

Discussion of hostile counter-measures

Indeed, illegal callers are likely to adopt some counter-measures, some of which will be more effective than others. All will increase the expenses incurred by the callers.

  • To evade CAPTCHA challenges, callers may implement voice recognition or insert humans. Both are expensive, and can be made more so by increasing the variety of challenges.
  • To evade content matching, callers can introduce chaff to recording content (noise, distortion, voice generator parameter changes, music, timing changes). Audio fingerprinting techniques are already immune to many of these variations. Since the real domain is speech, text to speech algorithms will tend to be insensitive to these recorded content changes as well.
  • Attackers could try to overwhelm or subvert aggregator services or data structures. However, participation in the infrastructure would be limited to subscribing users, with enough resilience to restrict access to legitimate devices and ignore denial of service attacks.

Evaluation

At a minimum, even as a standalone device, a smart endpoint offers as much as current user-configured call screening devices, with a simple comprehensible consumer feature set.

Aggregating evidence from many endpoints implementing manual classification and automatic CAPTCHA (in collaborative filtering and crowdsourcing fashion) makes the endpoints more powerful than any standalone device.

Access to realtime streams of call information through aggregators allows law enforcement to move from correlating randomly sampled incomplete delayed complaint reports to acting on deliberately selected fully-documented immediate events. Then for prosecution, automation support for building large related incident lists is useful for maximizing fines.

Endpoint implementation can be in a hardware device near the consumer, or can be a hosted service located at a carrier or IVR vendor, or can be embedded in a mobile phone application. All of those implementations benefit from sharing data with aggregators.

For the future, an architecture including both distributed smart endpoints and centralized database and compute support is a natural solution to implementing new technologies, such as authenticated caller ID in a VoIP-based consumer world. Successful endpoint implementors and complaint aggregators in the current generation will be well positioned to deliver implementations and services for the next generation.

diigo.com’s domain is hijacked

The good news is that diigo.com is not defunct.

The bad news is that their domain has been momentarily hijacked, see http://www.diigo.net/about/domain:

Dear Diigo users,

We’re terribly sorry to inform you that we’re experiencing domain hijacking, ie. someone gained access to our Yahoo domain registrar account, and illegally hijacked the domain, www.diigo.com. Very soon www.diigo.com may not be accessible to you until this issue is resolved.

But please rest assured that all our servers and user data are NOT compromised, and your data can be alternatively accessed at

www.diigo.net

Your current Diigo extensions and bookmarklets will not work on diigo.net.

For now, to bookmark to diigo.net, please install this special bookmarklet for diigo.net >>

Again, we’re terribly sorry about any inconvenience this may have brought you. We’re working hard to resolve this. Thanks for your patience and continued support.

For the latest status update, please see our tweets at twitter.com/diigo

Sincerely,

The Diigo Team

Services sans support

Face it, the most successful services in the new era are the ones that provide something valuable while keeping their per-user costs near zero: some service, no customer support, and users happy nonetheless.

Phone service does not fit that model. There are just too many occasions for “no support” to be unacceptable.

Today’s example: Porting a phone number from Verizon to Google Voice: Just $20, it works great, except when it doesn’t. In my case, SMS never successfully ported. The only support mechanism is a help page that states that it takes up to five business days for text messaging to resume after a port, and after that time, you can visit a web page to fill out a form that causes no observable action.

This could have been mitigated by supplying information instead of support. Expose the internal states of the porting process, so a customer can see progress or can know who to blame. Track the tickets on the problem reports.

But Google Voice as it stands offers no information and no support (and all attempts to “get a human” fail). So it gets the blame for failure to deliver, even if it’s somebody else’s fault. (Who knows, perhaps carriers and SMS gateway providers drag their feet on number porting. But with no information offered, all I know for sure is that Google Voice couldn’t get it done after weeks of waiting.)

In summary: For some businesses the appropriate level of offered support ought to be greater than zero. More status information can mean less customer support.

Don’t try to make me spam my contacts

High-quality social network sites grow because contacts are real, and site-mediated communication is welcome. For example, LinkedIn from the beginning treated contact information very carefully, never generating any email except by explicit request of a user. Therefore it felt safe to import contacts into it, since I wasn’t exposing my colleagues to unexpected spam. (LinkedIn has loosened up a bit. Originally one could not even try to connect to someone unless you knew their email address already. They made it easier to connect to people found by search only, and you can pay extra to send messages to strangers; nonetheless, in my experience it’s always user-initiated.)

Low-quality social network sites grow by finding ways to extract contacts from people so the system can spam them, or trick users into acting as individual spam drones. (Worst-case examples are those worm-like provocative wall postings that, once clicked, cause your friends to seem to post them also. Just up from that on the low rungs are the game sites that post frequent progress updates to all your friends.)

I’m a joiner and early adopter, but I rarely invite people to use a service they’re not already using. That’s my way of treating my contacts respectfully, and protecting my own reputation as a source of wanted communication, not piles of unsolicited invitations.

Google Plus has recently taken a step toward lower quality by changing their ‘Find People’ feature. Previously it identified/suggested Google Plus users separately (good). Now it identifies and suggests everyone on your contact list and beyond, without identifying whether they are already a Google Plus user. Really they are nudging me toward being an invite machine for them.

As a result, Google Plus will get less high-quality social-network building (among people who respect their contacts and take care with their communication), and more low-quality social-network building (piles of invites from people I barely know). If it goes too far downhill, Google will endanger the willingness of high-quality users to let Google know anything about their contacts or touch their email.

My first Android notification bar spam

I just got my first Android notification bar spam (a star notification icon and “Movies! Movies! Movies!” text). The free utility AirPush Detector identified the culprit. The loser is: “SPL Meter FREE” also known as “ANDROID SPL METER” by “Hashir N A”.

Oh, and www.airpush.com/optout doesn’t cut it.

Paddle a kayak on Wednesday nights

This is fun and it’s good for you: Every Wednesday night at Bay Creek Paddling Center on Irondequoit Bay, paddle a kayak around a 2-mile course, get timed, set a new personal record, eat a hot dog.