Co-location – the Super Food of Collaboration

In the western world we have a huge choice of foods that we can eat. We know which ones are good for us, and which ones aren’t, yet many of us are overweight, getting fatter and suffering from the health consequences of poor dietary choices.

The obesity problem is worse in areas of low income – why? One of the  main reasons is that good, healthy food is expensive and for the most part cheap food is unhealthy. This cheap food is normally processed, has travelled a long way from areas of low cost production and is purchased on a whim without the burden of preparation. It makes us feel good because it’s full of sugars and fats that our addicted brains crave but it doesn’t provide a healthy nutritional diet.

Teleconferences are the fast-food of collaboration. We set them up without consideration because they are cheap and immediately accessible. They allow us to use resources from wherever they are in the planet without consideration for those resources and, sometimes, with little consideration for the quality of those resources. They help us to believe that we are collaborating, which we are, but only in the same way as a fast-food burger is food.

Co-located collaboration is different, like organic wholefood it’s more expensive but it’s significantly better for us. The extra expense makes us respect it more so we make sure that we get all of the value out of it that we can. Organic wholefood requires extra preparation to get the right ingredients together but the results are amazing and the same is true for co-located collaboration. Co-located collaboration feeds all of our collaboration dietary needs in a way that the fast-food teleconferences never can, we never really get to know people on teleconferences, they’re just voices. There is marked difference in the level of collaboration that we achieve with people that we have physically met compared to those we haven’t. The most healthy collaboration is achieved when we are co-located with people we know well, this is the super-food of collaboration.

The occasional fast-food teleconference collaboration isn’t going to kills us, but it’s not healthy to live on it.

Our password system is broken, and has been for over 50 years!

There has been a lot of commentary over the weekend about the pronouncement from Nadine Dorries that she shares her login with her staff:

I’m not planning to add to that overall commentary because others have done that already.

The issue that I want to address is that this is that it’s symptomatic of a broken system.

Passwords as a method of verifying authentication was adopted by computing in it’s very earliest of days. Passwords probably originated as a way of identifying who was doing what in the earliest time-sharing system which was MIT’s Compatible Time-Sharing System (CTSS) in the mid-1960s.

This early password system suffered from many of the same problems we experience with passwords today – in other words the password system has been broken for over 50 years and yet we persist.

The CTSS has been documented as the first case of password theft, this was caused by an insider circumventing the system. Allan Scherr, a researcher, wanted more computer time, which was very limited at the time. Scherr came up with the idea that he could increase his own usage by using the time that others weren’t using. He did this by using a privilege that had been granted to him which was to get a physical printout of any of the files on the system, so Scherr asked for a printout of the password file, which was, a text file:

There was a way to request files to be printed offline by submitting a punched card with the account number and file name. Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing out of the M1416 folder. I could then continue my larceny of machine time.

Things got a bit more interesting when Scherr handed the password list out to other students and one of them decided to use it to log in to the computer lab director’s account and leave “taunting messages”.

Since those days in the mid-60’s we have been trying to convince ourselves that passwords are still the right way to go.

We’ve spent many hours training people how best to use passwords – long, complex, changing, non-repeating, etc.

We’ve invested many hours into code to strengthen passwords stores and probably just as many hours deploying, fixing and then redeploying that code.

Many lines of journalistic content have been invested on passwords and password related problems.

Passwords have resulted in an immeasurable volume of hours in lost productivity as people struggle to work out what the right password is. How many times have you lost hours of your working day caused by a password problem?

Then there’s all of the damage caused to individuals and organisations by hacked, poorly protected or poorly handled passwords.

We have, at least, created an opportunity for people to create applications to manage our passwords and to build businesses on the back of that opportunity.

Yet, the fundamental issues that existed 50 years ago still exist and those issues primarily surround the weak link in the password chain and that’s the human. Humans will always circumvent the system from inside. This is normally because people are very poor at estimating the risk of poor password practices and will circumvent them for almost any advantage. I suspect that Nadine Dorries gives her staff her password because there’s an advantage to her to do so, even if it is very unwise.

We’ve fixed the password problems in the physical world by using physical security which limits the access to the person with the physical entity. We started using physical keys as a way of securing physical property over 1000 years ago! Imagine how strange it would seem to go up to your car and type in a password, we’d soon have people patrolling car parks to stop miscreants trying to brute force attack on the car keyboard. How about walking up to a highly secure office environment, tapping on the small window in the door and saying “The weather in Moscow is mild for the time of year”? Would you expect to be let in?

In conclusion, the last 50 years have shown us that passwords have fundamental problems that we shouldn’t expect to fix because that would require humans to change. We need to move to a different authentication system, one based on physical security.

Can you please take 5 seconds and check? It’s a simple 4 step process.

Here’s a fabulous quote from Viktor E. Frankl:

Between stimulus and response there is a space. In that space is our power to choose our response. In our response lies our growth and our freedom.

We live in a world were so many people don’t recognise that a space exists, they respond as soon as the stimulus has arrived.

One of the areas where this is most prevalent is in social media – Facebook, Twitter, Instagram, Linkedin, they all suffer from it. People see the stimulus of a post and respond immediately.

I don’t think that a day goes by without me seeing re-posted content that doesn’t pass the space test. People talk about fake news and fake media, but the primary creators of these phenomena are us and our inability to use the space to validate the stimulus.

Whether it’s the global re-writing of the news (or non-news) about Donald Trump and his ability to feed Koi Carp, or the latest “URGENT: Tell all of your friends…” on Facebook we all need to learn to use the space.

The space doesn’t need to be very big, just a few seconds is all you need to check whether you are responding to something genuine or just creating digital noise.

These are the 4 simple steps:

  1. Recognise that whatever the stimulus says, there is always space.
  2. Filter with suspicion. Most of these things only require a modicum of suspicion.
  3. Check your suspicions. There are numerous ways of doing this quickly.
  4. Choose your response. You have the freedom to choose.

1. Recognise that whatever the stimulus says, there is always space.

It’s not urgent, it might say it is, but it’s not. Anything on social media, or on email that says it’s urgent isn’t so urgent that it can’t wait for a few seconds. If it really required an immediate response then it wouldn’t use email, Facebook, twitter, etc.

You have space, use it.

2. Filter with suspicion. Most of these things only require a modicum of suspicion.

Certain things should always make you suspicious, others are probably fine, the tricky ones are the grey ones.

If it’s too good to be true – it’s suspicious.

If it says it’s urgent – it’s suspicious.

If it says it comes from an organisation with which you have financial ties – it’s suspicious.

If it come via that friend who always re-posts this kind of thing – it’s suspicious.

If it’s out of character – it’s suspicious.

If it says it’s urgent and comes from an organisation with which you have no dealings – it’s beyond suspicious and should just be ignored.

3. Check your suspicions. There are numerous ways of doing this quickly.

Google is probably your best friend when it comes to checking your suspicions. Copy and paste a short extract from the re-post or email and it’s likely that you’ll get a flood of search results along the line of: “Amazon email hoax…”; “Egg Windscreen Attack…” and “Win a $1000 Amazon Gift Card” Facebook Survey Scam

If you want to be a bit more targeted there are specific hoax sites like Hoax-Slayer and fact checking sites like Snopes. This is quite regularly the content that Google is highlighting at the top of the search results.

Once you check you’ll probably be surprised by how long the scam/hoax has been floating around the internet – I’ve seen the Egg on Windscreen one recently, it was first reported in 2009!

4. Choose your response. You have the freedom to choose.

Once you’ve checked you can choose what you do in the light of that checking.

Sometimes the right thing to do is to post a response informing your friend/acquaintance of their foolishness. Be careful doing this, you are, after all, telling someone you know that they are twit and people don’t always respond well to such helpful prompting.

Quite often the best response is to do precisely nothing. It’s not always worth posting anything to correct the friends and acquaintances. The chances are that whoever is going to re-port the re-post has already done it anyway.

Those response are assuming that what they have posted is a verifiable hoax/scam. Another response is to create more space and wait a while. Just because there isn’t any public information to say that something is a hoax doesn’t mean that it isn’t. Give it a couple of days, check again, and your suspicions may well prove to be valid.

The final alternative is, of-course, to re-post whatever it is that someone has asked you to highlight. You only have to do this if you really want to, remember: “In our response lies our growth and our freedom.”