Episode 61: San Marino showed up with robots!

Download: Episode 61.

This week Audrey and I chat about Google Duplex, Signal desktop issues, Medium’s continued floundering, and offensive hacking (“active defense”). Enjoy!

Show Notes

Community Announcements

Community Event Planning, 2nd Edition

We’ve launched our Kickstarter for the 2nd edition of Community Event Planning!

We’re publishing an expanded and updated version of our guide to running community-focused conferences, with new material on diversity. In addition to writing from our own expertise, we’ll be interviewing other event organizers from our technology community to share their best practices. Creating community events is a an ongoing conversation, and we all learn from each other. The Kickstarter runs through end of day on May 31st. Please back us if you are able!

The Responsible Communication Style Guide is headed back to the printers!

When we sold out of print copies of The Responsible Communication Style Guide last fall, we promised to do another print run in early 2018. We’re happy to announce that we’re ready.

If you’ve been waiting to pick up a printed book (or enough for the rest of the office so they stop filching your copy), this is your chance. Order now!

Issue 9: Hard Problems is now shipping!

You can still get your copy in the Recompiler Shop.

Now Broadcasting LIVE most Fridays

We broadcast our episode recordings LIVE on most Fridays at 10am PST. Mark your calendars and visit recompilermag.live to tune-in.

We love hearing from you! Feedback, comments, questions…

We’d love hearing from you, so get in touch!

You can leave a comment on this post, tweet to @recompilermag or our host @christi3k, or send an email to podcast@recompilermag.com.

Transcript

CHRISTIE: Hello and welcome to The Recompiler, a feminist hacker podcast where we talk about technology in a fun and playful way. I’m your host, Christie Koehler.

We should be live. Hi, Audrey.

AUDREY: Hi, Christie.

CHRISTIE: It’s Friday, May 11th.

AUDREY: Yes.

CHRISTIE: It’s just a few minutes after 10:00 Pacific Daylight Time. It’s overcast. At least for me, it is.

AUDREY: Yeah. It’s been a little bit cooler the last couple of days.

CHRISTIE: And although springtime weather here can be so microclimate-y because it was all rainy and overcast here. And so I just kind of jumped in the car and went to Home Depot to get cleaning supplies and in just a little bit south, it was like sunny that I didn’t think to bring sunglasses.

AUDREY: Yeah, I keep having that problem where I think that, well I always bring my raincoat if I think it’ll rain but I don’t usually bring sunglasses if I think it could be sunny because I forget. It’s awkward.

CHRISTIE: What do we got going? Have you got some announcements?

AUDREY: I do. Yeah, there’s still a little bit longer to order your copy of The Responsible Communication Style Guide from our second printing. We just really want this resource out in the hands of as many people as possible because it’s just such an amazing tool for understanding other groups of people and how to communicate. We also are doing a Kickstarter, Christie. Are you doing your Kickstarter?

CHRISTIE: Yes. I’ve been doing my Kickstarter. What a Kickstarter for, Audrey?

AUDREY: For the second edition of our community event planning book.

CHRISTIE: Yeah. And so, we put the first edition together a couple of years ago after presenting on this topic a couple of times and wanting to create a resource that was a little more portable and distributable. And since then, we’ve learned a lot. And also others who have been planning events in our community have been doing really cool and interesting things that we want to showcase as well. And so yes, we have a Kickstarter going to fund that work and we’ll link in the show notes. [Inaudible].

AUDREY: No, we don’t but they can always search on Kickstarter for community event planning or even The Recompiler and they’ll find our past projects.

CHRISTIE: And so there’s cool backer rewards that include different versions of the book all the way up to a workshop, and we’re running this through the end of the month. We love if you’re able to back it and/or tell others about it, that would be great. Anything else about that, Audrey?

AUDREY: No, just that I think we’re both really excited to build on the work that we’ve done so far in the writing and the events, and to get out and connect with people in our community and learn from what they’ve been doing too.

CHRISTIE: Definitely. All right. So we’ll have all those yummy links in the show notes and I think we’re on to our topics.

AUDREY: Yeah.

CHRISTIE: First, Audrey, how do you really know I’m not a robot?

AUDREY: Well, we talk a lot and you use consistent speech patterns and you’re prone to non-sequiturs and…

CHRISTIE: And things called disfluencies such as uhm, ahh, which I become acutely aware of when I’m editing this podcast.

AUDREY: Oh, yes. It’s similarly for me when I prep our transcript. I get the transcript from our transcriptionist and when I go to put it on the website, I always do a read through to make sure that proper names are spelled correctly. And the person who does this actually does a great job looking the stuff up. But I always do like a read through for that and then I realize that I start every sentence with, “Yeah.”

CHRISTIE: This is also…I don’t excessively edit. It’s also really hard to edit those disfluencies when they’re in the middle of a sentence. But I try to cut out when there’s something that has some silence around it or it’s really awkward. So that’s even after an edit.

AUDREY: Though we still have that, and that’s fine. The pitch is the other thing that we don’t actually speak in a level. When people speak in monotone, we know that that’s very robotic and hard to listen to. And so that when you’re editing part of what you can edit out the ‘yeah’ at the start of every sentence is that the pitch will be wrong. The pitch of a sentence does change from the start to the end. And not just with our West Coast vocal fry that I think one of the articles called out.

CHRISTIE: What does that even mean?

AUDREY: Vocal fry, it’s that sort of question lift at the end of a sentence.

CHRISTIE: Yeah?

AUDREY: Some of the tonal things that make things sound even more casual to us.

CHRISTIE: The reason I asked is because Google’s big product showcase conference thingamabobber called Google I/O is happening this week or happened this week, I guess. And I’m still astounded that it’s now at Shoreline Amphitheatre which is a giant 20,000/25,000-person venue happened this weekend. They always kind of save their big fancy product demos for this conference and one of the things they showed off is something called Google Duplex. It says…this is from Google’s announcement which I read through this morning. Audrey and I just put in the show notes, so you may not have seen this. It says, “An AI system for accomplishing real-world tasks over the phone.”

AUDREY: That sounds like a useful thing.

CHRISTIE: Yes. And I would encourage if you haven’t already heard these clips and you’re interested in this, we’ll have the link to the Google posts in show notes, and they have sound clips. Have you heard these, Audrey?

AUDREY: No, I saw a description of them. I haven’t listened.

CHRISTIE: I listened to a few and they sound remarkably human. And also this Google post kind of goes into some more detail about the tech behind it, how they accomplish this. And so basically it says, “Duplex basically carries out natural language conversations,” and they’ve trained it for some very specific tasks basically calling a business to make an appointment and calling a restaurant. And I didn’t listen in the restaurant clips. I don’t know if it’s making reservations or finding out open hours or whatever. I think it might be both.

AUDREY: That was my impression and that Google’s also thinking about or testing using this to update their business data about what hours businesses are open, whether they’re open on holidays.

CHRISTIE: Further on in the Google announcement it says that basically if someone uses Google Duplex to call or maybe Google will do this, to call business and get updated information that they’ll then put that in their relative touch points about that business, like I think sort of that stuff you see on Google Maps and elsewhere. It says Duplex can only carry out natural conversations after being deeply trained in such domains, cannot carry out general conversations.

AUDREY: It still has limitation that you need enough data, you need enough information, you need it to be consistent enough. It’s still very difficult to create a system that can have this kind of conversation. But a system that can handle…so many of our social interactions are scripted that way. We say the same thing over and over again which is totally fine. But that does make it easier to create a system that can do those things.

CHRISTIE: And even with that sort of finite set, there’s still a tremendous amount of variation. The post from Google kind of gives some examples of that.

AUDREY: To listen to different ways that answers are handled.

CHRISTIE: Right, like if someone might say, “Okay for 4,” that can mean 4PM a time or 4 people. So there’s a lot of context. It says, “At the heart of Duplex is a recurrent neural network designed to cope with these challenges built using TensorFlow Extended.” Now, this is something that stuck out for me, Audrey. “To obtain its high precision, we trained Duplex’s RNN, that’s the recurrent neural network, on a corpus of anonymized phone conversation data. The network uses the output of Google’s automatic speech recognition technology, as well as feature from the audio history of the conversation, the parameters of the conversation and more.”

AUDREY: How did they collect these phone conversations?

CHRISTIE: That was my question and it’s not answered in this post.

AUDREY: Okay, the customer service call is being recorded not for research purposes but like…

CHRISTIE: Quality assurance?

AUDREY: Quality assurance assessment. I think that we see a certain amount of like, “Oh, data might be collected for evaluation, for research,” and you don’t think about the level of detail of that data that could be collected. And I wonder if this is something similar. I don’t know.

CHRISTIE: There’s another thing that stuck out for me in the announcement. It says, “The majority of tasks are fully automated, carried out fully autonomously without human involvement. However, this system has a self-monitoring capability which allows it to recognize the tasks it cannot complete autonomously (e.g. scheduling an unusually complex appointment). In these cases, it signals to a human operator who can complete the task.” That can be good or bad depending upon your perspective.

AUDREY: That does strike me as necessary. Otherwise, people are going to perceive this as another kind of spam.

CHRISTIE: And it’s another case of like Expensify their feature that seems to be really magical as actually using people in the background.

AUDREY: Or the adversarial image classification stuff we looked at a few weeks ago about sheep where one of the services does actually make anything and has a lot of uncertainty about going in front of a person.

CHRISTIE: There’s something here about training the system on new domains, uses real time supervised training. And then it goes on to talk about the benefits to businesses. I was seeing bits and bubbles of reaction to this on social media. From, “Oh, this is creepy interesting,” to, “This is great for accessibility,” to, “This is not great for accessibility,” to, “Why are you complaining about this?”

AUDREY: Of course.

CHRISTIE: Find something better to do. I haven’t really been able to sort through all that. Is there anything that stood out for you among different people’s reactions?

AUDREY: There were a couple of things. One of them is that a lot of people seem to feel strongly that this should be disclosed. If you’re getting a call from Google Duplex, you should know that that’s what’s happening and that there is something fraudulent about having a computer call a human on behalf of a person.

CHRISTIE: Or represent itself as a human.

AUDREY: I don’t know. I mean, don’t you get those, not sales calls, but those people offering you a vacation giveaway. Don’t you get some of those and pick up and it sounds like just a person talking for a while and then turns out to be a recording? The moment that you say, “No, I’m not interested,” and they’re still talking, you realize that it’s a recording.

CHRISTIE: I quite often do not answer numbers that seem like spam but I have been in that occasion.

AUDREY: They’re using more and more local numbers like in my same, whatever that first three is, the same region.

CHRISTIE: If you never update your mobile number, then that’s that give away. I get a lot of numbers from a place in California I haven’t lived in 10 years.

AUDREY: For me I’m like, “Is that the pharmacy?” I don’t know. And different callbacks, unfortunately different callbacks that you want to interact with sometimes use different caller numbers.

CHRISTIE: Right.

AUDREY: So it can be a little bit hard to tell what the real one is. Every so often, I’m expecting a phone call and they pick it up and it turns out to be one of those things and I’m like, “Oh, it’s another recording. I don’t feel rude anymore. Bye.” Maybe that is a little bit of why people want to know the permission to not take it seriously to not put the effort into talking like you talk to another person.

CHRISTIE: It’s interesting that you say that because I think people definitely have different thresholds. I think I might have told you the story. I once applied for a telemarketing job and it was like an in-person interview. And the hiring manager asked me like basically, “When do you give up trying to have a conversation with someone you’ve called?” And I gave various answers all of which were wrong. And he basically said, “You wait for them to hang up on you.” And this was a number of years ago and ever since then, I have had no qualms about hanging up on any sort of automated call or telemarketing type of call.

AUDREY: Sure. Even that one I think is a human, I just hang up. I stop saying anything. I just hang up. I think that that’s actually in some ways the more polite thing that I can do with a telemarketer. I don’t know. I think that some of people’s concerns seem to come down to that. I did see one person who felt like this was a little bit of a slippery slope around making people identify who or what they are. And I also have been thinking about the accessibility angle a lot because I’m taking an ASL class taught by a deaf teacher. And until this, I didn’t realize that there have been a couple of…I knew about TTY, the text to voice service. Not even text, it was just text transmission service. I didn’t know about video relay services, but our teachers have been really life changing because there is a federally-funded service where you open your video chat and you connect to somebody who’s a sign language interpreter and then they make the phone call. So, they interpret for you on the phone. And she told us that she’s been able to navigate what would be some very difficult conversations to handle easily over TTY, been able to do them very easily through the video relay service. And so I thought to the extent that it helps people do those basic things like order pizza and yet we talked about ordering pizza for a while because it’s a good example of something where you really need just enough information to happen over the phone to make it effective. And the different ways that services can help people who can’t hear to do that.

CHRISTIE: And I think that’s a different example in that it’s taxpayer-funded. Presumably it involves humans as intermediary and I think that’s really different than coming from a private company who we know has been monetizing our personal data and our attention for some time and it that these systems further do that. And anyone who’s been doing that…

AUDREY: At the very least…

CHRISTIE: Will this put a certain number of ASL translators out of business?

AUDREY: If it became really generalizable. But it would need a much greater ability than just ordering pizza. And our teacher’s sort of counterexample was that if you are hard of hearing, you just sort of yell what you think you need to over the phone and hope that the pizza place got it. So, there are some ways to improve on what’s available for people. I agree that if Google calls you to find out what your hours are, at the very least, it should probably tell you that this is being recorded even though it’s not required in every state. I think that given that the recording isn’t just for private personal use, I think that it’s pretty reasonable to expect them to acknowledge that.

CHRISTIE: I think California is a two-party state anyway but I could be wrong.

AUDREY: Well then, how are they going to handle that?

CHRISTIE: Does what they’re doing count as a recording?

AUDREY: If they hold on to the audible response of the human on the other end so that they can improve their system. I mean, why wouldn’t they?

CHRISTIE: I don’t know.

AUDREY: For training.

CHRISTIE: I think this will post a lot of questions like that.

AUDREY: I agree.

CHRISTIE: Because we talked about the smart sensor thing, how a lot of the data is done on the poll and then just sort of the results are transmitted. And I wonder if there’s potentially something like that, that one could argue is not a recording. It goes back to so many of these laws were written with different modes of technology in mind. The laws around recording pretty much apply to telephone technology. That’s why they’re called two-party laws rather than multi-party laws.

AUDREY: Right. I don’t know, I guess I’m stuck trying to think of like what information they could collect before I would think it’s a recording. If they’re scoring the success of the interaction, then that probably isn’t. But if they’re retaining audios so that they can improve their service, then that sure seems like recording to me.

CHRISTIE: And doesn’t inter-media cache or in-memory representation count or is it only more persistent storage mechanism?

AUDREY: Obviously, the law doesn’t clarify that, so I don’t know. Does this mean that we can look forward to somebody suing Google to find out?

CHRISTIE: Who knows? Big companies get sued all the time but it also ups the ante in terms of the resources you need to sue them. Anything else with Google Duplex?

AUDREY: No, I think we’ve just concluded that you should hang up on anybody you want to.

CHRISTIE: Amen to that.

AUDREY: Even if they’re asking you for business information, it’s okay.

CHRISTIE: Signal. Signal had a bit of a hiccup on the Mac desktop client.

AUDREY: I think this affects both of us.

CHRISTIE: Yes. An update has been pushed.

AUDREY: I updated it right before we started talking.

CHRISTIE: Awesome. I spilled my water all over my power cables right before we started talking [inaudible] sounds more productive.

AUDREY: My teacup is very securely contained to the side of the microphone where it will stay.

CHRISTIE: I think what happened is…so I have a new slightly different desk layout because I started a new job so I kind of moved stuff around. I think that’s…because I haven’t spilled here. Anyway, I think for a while, I might just use my Klean canteen or get an actual sippy cup or something. Anyway, Signal on the Mac desktop client notifications are now integrated. I say that like it’s new, I don’t think it’s new. You can get notifications through the operating system for various things. And it turns out that those content and messages were sort of getting recorded in the notifications database and not being deleted appropriately. And this is particularly, I don’t want to use the word ‘deceiving’. I think that’s a wrong connotation. But it runs counter to what the user would have expected because Signal has that setting for auto-destroy messages or whatever.

AUDREY: Right. And I’m not currently using that. But I’ve actually been surprised that the default for Signal is that it shows a preview of the message when you get a notification. I would have really expected it to be the opposite. And on my phone, I’ve changed it. On the desktop, I haven’t gotten around to it. But it always seems a little weird to me that if your computer is locked, somebody can read the messages as they come in.

CHRISTIE: Right. So if you go to the preferences, it says, “When messages arrive, display notifications that reveal…” and then you have choices and the default is both sender name and message. I think this is also kind of…we talk a lot about security and how sort of the first step is raising the situational awareness and I think this is a good opportunity to think about how like with most any human interaction, the safety-ness or whatever of it is dependent on both parties. And you can’t control what my settings are. So you have to assume that possibly something you said may show up on someone’s phone or desktop that can be read.

AUDREY: Right, that there are a lot of situations in passing information where you don’t control the other end, where it may have unintended side effects. All of the ways that this problem happened makes sense that of course, the notifications are stored so that they can be displayed. And of course if you had the information of the message, then it would get stored in the place where they get stored. So it sounds like it was an easy fix though.

CHRISTIE: Is the disappearing messages thing per contact?

AUDREY: Yeah, per group chat. I haven’t been using it.

CHRISTIE: So if you get that prompt to update Signal, you might want to do that sooner rather than later. Signal updates a lot. Or maybe it’s just that it on a lot of computers, I don’t know.

AUDREY: No, I think it does once a week-ish. The other thing is that if you’ve been using disappearing messages and there are things that could be sensitive information that have come through on the desktop, you should look up how to clear out that database of the notification information because even Signal updating won’t necessarily update or delete the old stuff that already got stored.

CHRISTIE: I don’t know if that’s in this Motherboard article but maybe we’ll try to find a direct post to that.

AUDREY: I think they mention it in general but I’m sure somebody has covered where to find…I think it’s just a SeQuaLite database.

CHRISTIE: Yeah. Oh, Medium. Publishing is hard. You know this, Audrey.

AUDREY: Publishing is hard and connecting the subscribers is a lot of work. It’s very valuable. We publish so that somebody can read it. And to have somebody just completely mess up your attempts to do that would be really, really awful.

CHRISTIE: Nieman Lab has an article about this. I originally heard about it because I saw someone tweeting about it from, I think, the Boston Institute for Nonprofit Journalism (BINJ). It’s not an acronym when you say it. I can’t remember what it’s called. We just talked about this with the IMHO. Anyway, the headline is: Medium abruptly cancels the membership programs of its 21 remaining subscription publisher partners. “Could we have a better metaphor for the way Silicon Valley considers local journalism?” fumed the owner of one of the remaining publications. Aren’t you glad the Recompiler is not built on Medium, Audrey? I’m laughing like I have no derision for publishers. If there’s any schadenfreude coming through my voice, it’s because I have never understood the value proposition in Medium. I think we’ve talked about this before how all of a sudden, everyone is publishing on Medium. And I was like, “Why?” I don’t get it.

AUDREY: Because they handled certain things for you. They gave people good content management interface. I may have used it once but I don’t have strong feelings about it. I just know that, I heard in general people liked it. They gave people a traffic channel. Stuff on Medium gets a boost from being on Medium, from being on that platform. And then they added a revenue model or a potential revenue model which they have then changed like six different times and not in very publisher-friendly ways.

CHRISTIE: I understand why people like the editing interface. It was very simple. I did use it a couple of times mostly to bring in posts from my blog, just because I was like, “What’s all the fuzz?” I did really like reading stuff on Medium. I really liked that you could highlight and share a highlighted bit of text. I’ve been trying to find the equivalent WordPress plug-in for that and I haven’t quite nailed that. But then it seemed to have all the drawbacks of a centralized walled garden. Like how do you make money without just selling people’s user data?

AUDREY: This has really always been the problem with Medium and the reason that I never took to using it. I didn’t think that I would have sufficient control over my content. And I also don’t really trust Ev Williams when it comes to contributor-friendly revenue model assessment. Every interview with him has just been as hand wavy as possible. Just as much like, “Well you know, I’m sure that once we have a lot of users, we’ll figure it out.” And yeah, that isn’t the kind of decision you can make after the fact at the scale that they need to, and have it be really, really effective for the people using it.

CHRISTIE: Is that not sort of the standard way of operating, though?

AUDREY: Absolutely. I just mean that I don’t want my publishing platform to be determined by that.

CHRISTIE: In one of the latest iterations of their business model, they had publishing partners and then media memberships presumably with some kind of rev share. And so this is what they just discontinued. And it said, “Publication owners with active paying members were alerted on April 27th that we intended to begin the process of discontinuing the program on May 7th.” That’s 10 days.

AUDREY: That’s very little time. I think this article has a little bit of an interview or maybe some quotes from people at Medium involved with this where they said, “No, but we extended it,” when people complained. I don’t know. It shouldn’t be on your publishing partners to be really attentive and to know that they need to pushback when you give them an impossible deadline. I’ve been seeing publications leave the platform for the last, it feels like the last two years.

CHRISTIE: I don’t remember the exact details but I remember like this is mentioned in this Nieman Lab article that The Establishment…it says, “No publication has been burned worse throughout these changes, perhaps, than The Establishment, which had been wooed to move off WordPress and entirely onto Medium, and migrated all its content the same day Medium announced its drastic changes early last year.” And I forget exactly what change that was at that time. Do you remember?

AUDREY: I think it did have to do with this subscription stuff. They lost several bigger publications over a previous round of changes. It had something to do with who…I feel like I need a chart. They’ve sort of gone from ‘okay, there was nothing’. And then to get some of these publications on there, they said, “Well, you can sell subscriptions,” like three free articles and then a subscription kind of access. And then they started to centralize that instead of a per publication thing. Medium’s going to control that and they weren’t going to do ads and then they were going to do ads. There’s been a couple of layers of this but it seems like some of the biggest organizations that they were trying to get on board, they then did exactly the opposite of what they needed.

CHRISTIE: I don’t know this business too well, Audrey. You might have a sense of the…but I’m imagining that the customer acquisition process for publications. Just in general, that is a long process. The time from when someone first reads some articles to when they become a subscriber could be a long time period. And then also I’m thinking in terms of renewals. Like when my New Yorker is ready for renewal, I get 400,000 notices. And certainly, over a much longer timeframe than 10 days.

AUDREY: Getting subscribers to renew is kind of slow. You can probably think of all the times that you didn’t get around to it for something.

CHRISTIE: Like my subscription of The Recompiler, maybe?

AUDREY: I think I sent you a postcard at one point.

CHRISTIE: You did. I should re-subscribe.

AUDREY: I’ve tried a lot of different ways to get people to renew because it’s not that I think that people look at and they go, “Uhhh, I don’t know about this.” I think that it’s just hard for everyone to get around to it and I don’t want to do automatic payments for that. I feel like that’s not a very kind thing to do to just automatically re-bill everybody the next year.

CHRISTIE: I think we’ve all been stung by like, “Oh F, I had meant to cancel that,” or, “Oh F, that was not in my budget because it’s only a once a year thing.”

AUDREY: Yeah.

CHRISTIE: I feel like when I was younger and more strapped for cash, like Amazon Prime would hit me that way. It’s another hundred bucks or now it’s gone up to…

AUDREY: 119.

CHRISTIE: Yeah.

AUDREY: So there’s that kind of thing and you’re right, it does take a while for people to subscribe sometimes. I think I hear equal amounts of, “Oh wow, I never knew that this existed. Subscribe.” And it’s like, “Oh, I’ve been meaning to for a long time. I finally subscribed.” There’s this kind of a mix of that. I don’t want to penalize anybody. I don’t want to penalize our readers for not being able to subscribe yet, to not getting around to renewing. If you pay for it, I’ll ship it. But I don’t ever want that to be like a shaming process or difficult. And I certainly don’t want another company to have control over that process for me because they can absolutely turn around and change the rules.

CHRISTIE: This article mentions that some of the…you’d mentioned all these publishers migrating off and some of them never…I don’t know how related this was to losing their platform but some of them never continued publishing. This isn’t just…these more independent publications run on such thin margins and limited resources that having to expectedly or unexpectedly migrate to platform, that’s a huge drain.

AUDREY: Assuming that you can’t just automatically re-bill people. If it’s like a monthly thing and you have to move them all over and they all have to remember to sign up again, if I had to do that, I know that I’d lose maybe two-thirds of our readers just because it’s a lot of work for everybody to remember to do that. And it takes time to send out those renewal messages, those reminders.

CHRISTIE: I don’t know what the lesson is here. I mean, I want to say beware of centralized platforms but also it’s not realistic to have everyone set up their own WordPress.

AUDREY: Right. And the amplification that publications did get from their earlier involvement with Medium, it’s significant. I think all of us little tiny indie publications would love to have that kind of boost. So making people choose between having complete control and thus isolation and giving some stuff over to a silo which may then screw them over, it’s not a fair tradeoff.

CHRISTIE: No, and I totally understand people wanting to have an alternative because as you’ve learned right now the main source of traffic on the web is Facebook and Google. And those have their own barriers.

AUDREY: We both, I think, have started to think about how to get all the Google out of our work anyhow. I mentioned that I was thinking about taking Google Analytics off of a couple of things that they use it on. But the result of that is going to be that I won’t have any way to find out what people search for. I won’t have any way to find out when people use Google or what their search terms are which means that I can get a lot of people looking at an article and have no idea why, because Google has decided to not share that information unless I’m signed up for their services.

CHRISTIE: And that’s the power of monopoly.

AUDREY: Yeah.

CHRISTIE: Anything else on that?

AUDREY: No, I just really hope that the publications that are having to deal with this shift to retain their readers.

CHRISTIE: Do you think Medium will be around in a year’s time?

AUDREY: Yeah, they’re really overly funded.

CHRISTIE: Why??? Give that money to people with talent.

AUDREY: There are certain people who are able to just go out and get [inaudible] with really no plan. And I think that there are a lot of us who would just love to get even a fraction and we’ll give a five minute talk to deserve it with details about how you’re going to make money, keep the customers, provide a good service or product. I think we could outdo what some of these folks offer but they sure know how to work the funding system.

CHRISTIE: Well, great. The next article I want to talk about is now unresponsive. This is weird. On this New Yorker article we’re about to talk in a minute says, “The page that’s become unresponsive is oddm.herokuapp.com and then the name of the article.

AUDREY: I just had it open in Instapaper but now I’m really curious to try. Let’s open the mail link.

CHRISTIE: This is a digression. Let me exit page and I will reopen it again. That didn’t close the page, I’m very confused. Anyway, The New Yorker has a thing where they record some of their articles as audio and I have that so that I can sometimes prepare for the podcast while doing other things. It’s kind of cool. And I’m wondering if it’s using that to do some kind of sync, like the Whispersync. Have you ever used that?

AUDREY: No, I haven’t.

CHRISTIE: It’s the bomb.

AUDREY: You listen to a lot more stuff than I do.

CHRISTIE: Yeah, Whispersync. If you have the Kindle book and you’re listening to an audio book that where you are stays in sync, so if you’re switching back and forth. So that was a little bit of a digression.

AUDREY: Which you can always scrub when you edit.

CHRISTIE: Right…or not. May 7th issue of The New Yorker: The Digital Vigilantes Who Hack Back. American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law? By Nicholas Schmidle. This is a little [inaudible]. Estimates suggest that 90% of American companies have been hacked.

AUDREY: Yep.

CHRISTIE: That’s a huge number.

AUDREY: I had seen that stat before.

CHRISTIE: So basically this article talks….this is basically talking about a ramification of the Computer Fraud and Abuse Act which was enacted in 1986. In part, it was…I know that I know this already but when I’m reminded of it, I still sort of shake my head. But that it was acting in response to concern that computer related crimes might go unpunished and it was in part spurred on by WarGames.

AUDREY: Right, the movie.

CHRISTIE: Yeah, where Matthew Broderick…have you seen this recently?

AUDREY: Relatively recently.

CHRISTIE: Oh my God, they’re so [inaudible]. And so is that modem. It’s that 300 [inaudible]…you know, I used to have one of those. I don’t think it has made it as far.

AUDREY: This is actually that accessibility thing again. Our teacher, my ASL teacher was telling us that modems or the existence of modems was developed in part for that kind of assistive communication. And I didn’t know that. I thought that was really cool.

CHRISTIE: Is that how that first TTY’s worked?

AUDREY: I think so. I’ve been meaning to look it up again so maybe I can find something for the show notes. But the development of the technology was tied to the creation of communication tools for deaf people.

CHRISTIE: I love modems still. We had that. If I still hear the sound, I get like this…

AUDREY: It puts me in a little bit of panic because I had to remember to type in the command every time to silence it or else I would wake everybody up.

CHRISTIE: Right. Modems could be very noisy. I don’t know. There’s something about that. We don’t have that transition anymore. It’s like everything is always online. There’s nothing like I’m going to get home from school and log on.

AUDREY: And go connect.

CHRISTIE: Okay, that’s a little bit of nostalgia there. Kids, ask your parents.

AUDREY: The context is important, though, to understand that we have federal laws against hacking because at some point, people were really, really worried that those kids would hack into something and like you said, go unpunished. And thus, what should be a property crime, a fairly ordinary property crime is instead a federal, against federal law. The FBI will investigate you.

CHRISTIE: And it basically prohibits or makes a crime any unauthorized access or exceeding the access you have been authorized on a computer.

AUDREY: Whether or not you know that that’s what you’re doing.

CHRISTIE: Right.

AUDREY: And what estimated financial damages can be used to determine your sentence.

CHRISTIE: Yikes.

AUDREY: [Inaudible] damages.

CHRISTIE: This law, what is that? That’s 30 years ago or so now, over 30 years. And what this New Yorker piece is all about is that a consequence of this legislation is that when companies are hacked, they basically can only employ defensive measures. They can’t go after the hackers themselves, meaning they can’t figure out where the hackers are coming from, log on to their machine and do something that might stop them. So this includes things like, there’s some analogies to physical security measures such as…there’s a couple of movies where this happens where the bank robbers get the bag of cash and they open it and the ink explodes.

AUDREY: Yeah.

CHRISTIE: Is there [inaudible], I don’t know.

AUDREY: Well, there’s also on clothing. If you’re still [inaudible] those tags. Some of them are dye tags.

CHRISTIE: The first time I ever bought an article clothing from Fred Meyer up here like my first week, it was a bra, I remember, and they left that on. I was like, “Ugh, I don’t want to go back. I’ll just take it off myself.” Oh, my God! I’m pretty sure I destroyed the bra in the process. Yeah, those things. At least, it didn’t have dye in it, that would have been worse.

AUDREY: If you go back with your receipt, they will actually take the tag off for you.

CHRISTIE: The older and wiser me knows that now. So it’s things like having some equivalent of a dye packet or there’s another example they give. I can’t remember what it is. But anyway, things that will sort of sabotage the data or something on the hacker end of things. And also just basically even tracking down who has hacked into your system and finding out what they have hacked basically involves running code on someone else’s machine which would be a violation of the CFAA.

AUDREY: So one of the things that a company would want to do if they were trying to understand who got into their system and what they have are covered under this.

CHRISTIE: Yeah, there’s this quote from this Dave Aitel, a former NSA programmer. He says, “If you’re doing investigatory things and learning things that people don’t want you to learn, then you’re probably executing code on someone else’s machine.” There’s a bill that’s been introduced by Tom Graves, a Republican from Georgia, and it’s co-sponsored by another person from Arizona, I didn’t highlight it. It says, “According to the bill, private firms would be permitted to operate beyond their network’s perimeter in order to determine the source of an attack or to disrupt ongoing attacks. They could deploy beacons, beacons, that’s the other thing, and dye packets and conduct surveillance on hackers who have previously infiltrated the system.” I have all sorts of…it says Graves, who’s also a member of the House Appropriations Subcommittee on Defense believes that private sector deserves some of the “flexibility” that military and intelligence agencies enjoy. That gave me chills not in a good way. Anyway, the piece explains this and then talks about sort of the ramifications of this potentially. And on one side, they’re sort of arguing that firms have very little tools at their disposal to do anything but defensive measures. And on the other hand, this is…”Richard Ledgett, a former NSA Deputy Director, told me that the private sector has become foolishly optimistic about the potential of identifying hackers and hacking back and talks about this issue of attribution.

AUDREY: And that’s a concern that I’ve seen people highlight before that attribution and hacking is extremely difficult.

CHRISTIE: And that you may pick a fight with an enemy you can’t win with.

AUDREY: Somebody who has more resources and better access and better knowledge.

CHRISTIE: They draw the analogy to guns, that more guns on the street hasn’t made America safer. It also says, “Should hacking back become legal, it may well help individual victims of cybercrime but it is unlikely to make the internet a safer place.”

AUDREY: That also makes sense to me. I don’t think that this really addresses that the defensive aspects of this have not been handled very well by those companies. That 90% that they’re talking about, a lot of it came from obvious and inept handling of the need for security.

CHRISTIE: You don’t need offensive hacking to like not freaking have public S3 buckets with private [inaudible].

AUDREY: There’s just so much of this that they actually could be doing. And so, it seems like a little, I guess, [machoed] to me to think that they’re going to like fight back instead of putting better locks on their doors. Like, they are picking a fight. There is probably somebody in all of these organizations that’s very excited about the idea of picking that fight.

CHRISTIE: There’s more things they can sell, right?

AUDREY: Yeah. I don’t know that this is necessarily a positive direction but it is interesting to read about.

CHRISTIE: I think there’s a lot of people who are interested in not having the CFAA go after so many people but I don’t think it’s exactly in this way.

AUDREY: Again, I don’t think that this should be a federal crime anymore than the way that intellectual property laws can be enforced. It should be happening on that level. Just take it back to the defensive aspects of this. Even when you’re doing your best, it’s difficult. But I don’t think that thinking that you’re going to hunt down the perpetrators really makes a lot of sense when in most cases, a lot of hacks aren’t specialized. A lot of it, whether or not it’s a state-sponsored group or just some individual, everybody uses a lot of the same tool kits that you can find online. And we’ve talked about that before, too, but I don’t know. KBOO, our local community radio station, they just got hacked.

CHRISTIE: Yeah.

AUDREY: And it was basically a zero day on Drupal. They patched it as soon as they knew about it but folks were exploiting it just about as soon as it was announced. And the particular exploit was cryptocurrency mining focused.

CHRISTIE: Of course, it was.

AUDREY: So the website’s been down several times in the last week as they address that.

CHRISTIE: I would like to go to it and I was like, “Oh wait, but then will it start mining cryptocurrency in my browser?”

AUDREY: The last e-mail I got was, I think, two days ago. It seemed to imply that they’d mostly gotten it wrapped up. I think that there’s a lot of other things that can happen that don’t involve dye packs.

CHRISTIE: That sounds dramatic and interesting but maybe there’s a different approach.

AUDREY: It sounds like a movie plot thing.

CHRISTIE: All right. What do you love on the internet this week, Audrey?

AUDREY: I’ve been really excited about Eurovision.

CHRISTIE: Okay. What is…as you know, I live on a rock when it comes to pop culture things unless they’re talking about it on Pop Culture Happy Hour. So, if NPR is not aware of pop culture then I don’t necessarily know what it is. So what is Eurovision?

AUDREY: Eurovision is an annual contest put on by, I think it’s called the European Broadcasting Association? It’s basically a bunch of TV networks across Europe and some other places like Australia. So the idea is it’s a European area-wide/region-wide song contest. So every year, the participating countries do their own selection process to pick a song with a performer and an act or performance and to send it to Eurovision. It works like talent shows like American Idol or something, like everybody does their song but then there’s voting which I’m not eligible to do. But there’s two semi-finals and there’s a final tomorrow, on Saturday, if you’re listening live. Unfortunately, everybody else will have to just catch up later. And a lot of the fun is watching the countries go through their selection process and seeing the videos that they release and then picking your favorites to cheer for. And then the semi-finals, seeing who makes the cut. And there’s some drama, there’s some tension and it’s very showy. These are very sometimes silly over-dramatized things. There’s some dancing. It’s just fun performance.

CHRISTIE: Awesome. And you’ve put some links on some of your highlights from the shows?

AUDREY: The live performances have quite…I guess if you watch a lot of shows, you know this. There is quite a level of technical sophistication that live shows can have now. And so, I just want to highlight ones that had like an interesting technology aspect to them. Malta, their live performance used sort of a glitchy multiple screen thing. There’s even a code snippet that appears right at the start. It looks like Java, although I haven’t paused it to see exactly. And then Estonia is an opera singer. This is part of what’s fun too. It’s pop music but Hungary sent a metal band and Estonia has an opera singer. And the opera singer has this amazing dress, this video dress and it’s just really something to watch, plus she’s got a great voice. And then San Marino showed up with the robots. So, little dancing robots. They’re so cute.

CHRISTIE: All right.

AUDREY: It’s on YouTube. If you’re in the US, it will be difficult to watch live. But there are lots of countries that participate and if you’re one of those, then yes, you’ll be able to stream it.

CHRISTIE: All right. So Audrey, how do you feel about laugh tracks?

AUDREY: I don’t know the last time I watched something that had one.

CHRISTIE: Well, I have the podcast redone because…so, Slate has a new podcast called Decoder Ring. I found out about it because this episode was put on the [feed for 99% invisible]. And this episode talks all about the laugh track, what it was. It’s actually far more interesting than I ever realized. It was actually like a machine that this guy custom built and it was played. It wasn’t just sort of the same audience recording over in Oregon. It was actually a machine that had all these different recordings of laughs and it was actually played, and also what happened to it. And the reason for the laugh track in the first place and the reason it went away has a lot to do with entertainment, how we consumed it, and how we went from vaudeville and people consuming entertainment together, to consuming it more individually in their living rooms and have a laugh track sort of gave you that feeling of being with other people that you would have in a theater, and then how it started to go away and how at first the networks really didn’t want to let go of it. And they specifically talked about Aaron Sorkin’s early show Sports Night and how they absolutely did not want a laugh track. And if you ever heard anything that Aaron Sorkin has written, you know that there’s almost no room between dialogues. So you can really hear this disruption and the actors having to wait for the laughter. So I find it pretty fascinating and I thought it was interesting. It’s something that we don’t really think about but also it is a signifier or something of just how our particular relationship with the technology has changed over time. So that’s Decoder Ring: The Laff Box. And it’s spelled L-A-F-F for whatever reason.

AUDREY: Cool.

CHRISTIE: I believe that is our show. Thanks everyone for listening. Thanks, Audrey, for co-hosting.

AUDREY: Thank you.

CHRISTIE: Talk to you all next week.

AUDREY: Bye.

CHRISTIE: And that’s a wrap. You’ve been listening to The Recompiler Podcast. You can find this and all previous episodes at recompilermag.com/podcast. There you’ll find links to individual episodes as well as the show notes. You’ll also find links to subscribe to The Recompiler Podcast using iTunes or your favorite podcatcher. If you’re already subscribed via iTunes, please take a moment to leave us a review. It really helps us out. Speaking of which, we love your feedback. What do you like? What do you not like? What do you want to hear more of? Let us know. You can send email feedback to podcast@recompilermag.com or send feedback via Twitter to @RecompilerMag or directly to me, @Christi3k. You can also leave us an audio comment by calling 503 489 9083 and leave in a message.

The Recompiler podcast is a project of Recompiler Media, founded and led by Audrey Eschright and is hosted and produced by yours truly, Christie Koehler. Thanks for listening.