Managing your identity theft protection

World Password Day is Thursday, I know all of my readers are gearing up major parties to celebrate. What, you don’t know about this day in flackery?  Read on.

I know my inbox runneth over with WPD PR pitches. Perhaps you have already planned your day, such as noting yet another account of yours that has been breached? Another chance to reuse that password from 1992? Time to get another password manager other than Lastpass? Or perhaps just have a cupcake decorated with ones and zeros? (Image credit: Google’s Gemini)

Here is how I am celebrating. I am actually reviewing the two free identity protection services that I have been granted, thanks to two recent and massive data breaches. One is from the credit bureau Experian, the other from a company called IdentityDefense.com. Normally, these outfits charge anywhere from $10 to $30 a month, and in the past I have not been motivated to use these, or any other service. Here is the problem: being a privacy paranoid person, I don’t want to give out any of my numbers. Yet to sign up for these services, you have to lay it all out there: SSN, birth date, previous addresses, drivers license, phone numbers and so forth.

Some things you might want to know: my wife and I have had spurious credit card charges over the years — one just recently where someone kept trying to charge a rideshare in San Francisco repeatedly. And I think her credit is still frozen (although I don’t recall when we got it or if we actually unfroze it).

The dashboard for IdentityDefense looks like this:

You’ll notice that it shows you a bunch of dark web alerts (where a bunch of passwords have been collected after a breach by some baddie), my credit score (nice), and a bunch of other stuff. The alerts all date from when I initiated the service last month and haven’t been updated. Some of these alerts are less than meaningful, such as the breach of Xss.js that was found in May of 2018 or the one called Combolist_bundles_solenya from December of 2017. I have no idea what these were, and if actually wanted to change my password, where to go about doing so. On some of the other dark web listings, the breach id’ed an actual website where I didn’t ever have an account. So right away, you can see that this information isn’t very helpful.

One thing that IdentityDefense does have is a way to file online credit freezes for the three credit agencies. You could probably find the web pages for these on your own, but still, it is nice to have this all here in one place.

Let’s look at the Experian ID works dashboard. It is less than useful:

This is because almost everything that you want to know about will require a lot of clicking around, For example, you see the “CreditLock” panel — that is slightly more than a freeze, because you can lock and unlock it in real time, and of course this is just for Experian. When you find your way to the dark web alert report, you will also see a lot of useless data, such as an email address for me that I have never used, although attached to my actual phone number. One alert had both the right phone and email for a breach from Apollo.io in July 2018, never heard of them, and when I tried to reset my password on their site, it claimed no one with that email has an account.

There is another service that businesses use to manage their dark web and other threats that I have used from time to time from CyberSixGill.com, where I wrote a white paper for them a few years ago. That paper spoke to this situation of not having very complete information about what was breached, or how metadata on the breach wasn’t of sufficiently high-enough quality or complete enough to be actionable. I wrote that you should be able to visualize the context of the threat and figure out where you were compromised, and what you should do in the future to prevent something similar from happening. That is still very much the case.

And if you are in the market for one of these services, you can read Paul Bischoff’s hands-on review of these and other services here on Comparitech. He puts them through more rigorous testing, and recommends services depending on how much of your life you want to divulge and then protect, and how complex a financial situation you might have.

So you should know by now that when something is free, it may or may not have any value to you. That latter situation is certainly the case with these protect-after-breach situations. Far better to have stronger (long and complex) passwords that are unique and managed by a service other than LastPass (I use Zoho Vault, which is free and does have value).

And if you are still in the mood to celebrate WPD, this comment from a security nerd from 2018 is instructive: “Happy WorldPasswordDay. Or in 90 days, WorldPassword1 Day.” Last year, I wrote: “Maybe on WPD in 2024 we can finally break out the bubbly and celebrate their actual demise.” Nope, not yet, put that bottle back in the fridge.

Beware of the pink slime website

Jack Brewster built his own hyperlocal news website in a couple of days and with a grand total investment of $105. What is significant is the circumstances by which he accomplished this. He used these funds to hire a programmer that he never met. Although Brewster had no other specialized expertise, he was able to launch a fully automated, AI-generated “pink slime” site capable of publishing thousands of articles a day. What is scary is that he could tune the AI to create whatever partisan bent and nearly all of the articles were rewritten without credit from legitimate news sources. Brewster is a reporter for the Wall Street Journal and describes his process here. “The appearance of legitimacy is everything online, and pink-slime websites are a serious menace,” he concluded.

This is the first time I have heard the term. It is certainly evocative, and dates back a few years. I last wrote about this condition in the pre-AI era, when actual people were being paid close to nothing to create this so-called content. That link has a bunch of resources to help you spot these fakes, but as AI gets better at sounding like some overblown windbag commentator, it will certainly get harder to discriminate what is real and what isn’t.

Apparently, slime pays. His programmer has built hundreds of these types of slimery, and is one of many, many people who advertise their services on Fiverr and other employment-as-a-service websites. What they are doing isn’t (yet) illegal, but makes me (and Brewster for that matter) uncomfortable. He set up his site behind a paywall, but the WSJ piece has a screencap where you can see what it looks like.

Speaking of Fiverr, long ago and in a galaxy far, far away I set up my own site to sell my freelancing services. Needless to say, I had no takers. My rate was a lot higher than the programmer Brewster hired for his website.

Brewster does misinformation tracking for a living, so it is somewhat ironic that he paid to produce his own slime site. His operation, Newsguardtech.com, has tracked more than a thousand slimy sites, and offers browser extensions and various other tools to rate news sites, both slimy and (supposedly) legit ones.

Of course, that isn’t the only development of genAI content. This movie trailer looks so airbrushed that it is hard to watch. One reviewer wrote:

It is not clear whether the trailer is bouncing between different characters, or if TCL has been unable to figure out how to keep them consistent between scenes. The lip-synching is wildly off, the scenes are not detailed, walking animations do not work properly, and people and environments warp constantly.

All I can say, this is one bad movie trailer, and I am sure an even worse movie.

I guess it is a testament to the progress of genAI that we have come so far, so fast. And perhaps this is yet another reduction of the circumference of the noose around my own neck, or an indication of how my astronomical pay rates (at least, seen in this AI/Fiverr context) really are.

Dark Reading: Electric vehicle charging stations still have major cybersecurity flaws

The increasing popularity of electric vehicles isn’t just a favorite for gas-conscious consumers, but also for cyber criminals that focus on using their charging stations to launch far-reaching attacks. This is because every charging point, whether they are inside a private garage or on a public parking lot, is online and running a variety of software that interacts with payment systems and the electric grid, along with storing driver identities. In other words, they are an Internet of Things (IoT) software sinkhole.

In this post for Dark Reading, I review some of the issues surrounding deployment of charging stations, what countries are doing to regulate them, and why they deserve more attention than other connected IoT devices such as smart TVs and smart speakers.

Forget TikTok bans. Think about connected Chinese cars.

This week our Congress is crafting legislation to remove TikTok from our lives. It is as misplaced as Nancy Reagan’s “Just Say No to Drugs” campaign — and perhaps as empty a gesture. Yes, there are real issues with all that social media metadata ending up on some Chinese hard drive, and the notion that ByteDance can separate its US operations and clouds from Chinese ones shows how little our lawmakers understand technology.

Instead, I would like you to think about the following companies: Nio, Inceptio, XPeng and Zeekr. Ever heard of any of them? They are all major Chinese EV companies, and all of them pose a much bigger threat to our data privacy and national security than TikTok. By way of reference, China has hundreds of car makers, and they are all obligated to transmit real-time data to their government. Now they want to sell them here and are doing road tests.

Last fall, another bipartisan group of lawmakers sent letters to these and other Chinese EV makers, wanting to get more transparency about the data they collect on their cars . I haven’t seen the responses, but guess the truthful answer is “we collect a lot of stuff that we aren’t going to tell you about, and we have to share it with the CCP.”

Last week, the Commerce Department issued its own request and asked for public comments as part of its role to consider its own series of regulations. The department is investigating the risks of EV and other connected vehicles on national security and potential supply chain impacts of these technologies. Interestingly, it is finally acting on a Trump Executive Order. Another bipartisan effort. The document linked above asks for a lot of details about obvious data collection methods. If I were running a Chinese car company,  I would think about designing systems that would be less obvious. One of the things these Chinese car makers are quickly learning is how to become better software companies, thanks to the Tesla business model. (Tesla also makes and sells its cars in China BTW.)

While there are hundreds of millions of TikTok US users, some of whom are adults, the threat from car metadata is much more pernicious, especially when it could be paired with phone location data from passengers sitting in the same vehicle. What they both have in common is that all this data is being collected without the user’s knowledge, consent, or understanding who is actually collecting it.

Those phones have been recording our movements for quite some time, without any help from China. There are so many stories about tracking the jogging routes of US service members at foreign military bases, or tracking a spouse’s movements, or figuring out where CIA employees stop for lunchtime assignations near Langley, etc. But that pales in comparison to what a bunch of CPUs and scanners sitting under the hood can accomplish on their own.

Remember war driving? That term referred to someone in a car with a Wifi scanner who could hack into a nearby open network. That seems so quaint now that a car could be doing all the work without the need for an actual human occupant. I guess I will go back to watching a few Taylor vids on TikTok, at least until the app is removed by Congress. In the meantime, you might want to review your own location services settings on your phones.

The coming dark times for tech won’t be anything like the 2000s

My former colleague Dave Vellante has written a nice comparison of the current tech  contraction with the dot-com-bust of 2000. He makes interesting points about several factors, such as the roles played by Netscape and OpenAI as innovators and Nvidia and Cisco as major players, the stock market bubbles, and risks and rewards along the way. However, he is missing one critical element: the population of tech workers has been shrinking and the pace of the layoffs is increasing. And the way people were laid off now and then has some big differences.

Granted, back in 1999-2000 there were fewer overall tech workers, (as an example, Microsoft went from around 40k in its 2000 staff to 200k today, Amazon grew from a few thousand to >1M) and many of the tech companies were small, in some cases very small. The big difference then and now was the pace of the layoffs. Back then, they happened quickly. But now tech co’s have been laying off workers since the pandemic, but in big numbers by comparison.

In the past few years there have been several rounds of layoffs at Spotify, ByteDance, Amazon, Twillio, LinkedIn, SecureWorks, Microsoft, Meta, and Twitter which added tens of thousands to the unemployment lines. And sure, there are plenty of startups that even got their series A’s that went under in the past couple of years — that is to be expected. But the contemporary situations are from established companies that are having their first serious contractions.

Will some of these folks start their own companies? Sure. But tens of thousands? Not so sure.

But part of the problem — perhaps most of the problem, apart from the lowering business demand in the tech sector — is the way we all are returning to work in the spaces previously known as our offices. Back when we were in the midst of the pandemic, remote work took on new relevance and meaning, and caught on quickly around the world in many different ways, some good and some bad. Take Slack for example: they went 100% to remote work back in 2020. Other tech companies were less enthusiastic, such as Google. And what I have seen is these less enthusiastic companies were some of the first to revoke home-working policies and mandate people to return to one of their offices.

Early on in the pandemic, I put together this pod with my partner Paul Gillin about some things to consider for the newly minted home worker. Those were more practical suggestions on what equipment to purchase and how to best secure your home. For a somewhat different treatment, I wrote this blog for Avast on how to craft equitable policies to encourage and evaluate home workers. Those pieces seem rather quaint now, and they assumed that once all this remote stuff was unleashed, we would stay that way.

That is not the case anymore. Four years later, many tech workers are told to return to their offices. And the changes are confusing as companies try to adjust and populate their expensive downtown real estate. This makes no sense to me, and the latest dictums from Dell (for example) are guaranteed to have them lose more people, which could be the hidden reason for them. It is almost that we forgot the productivity gains during Covid when people worked from home. Or companies were eager to see their workforce sitting in those awful bullpens where everyone was on headsets.

The return to the office says one thing about tech: they have done a lousy job at developing middle managers, who are insecure about handling underlings that they can’t see or be physically nearby. It really is a shame: all this remote access tooling that has been developed over the decades, and the one group of companies that you would think would figure this out are the first in line to recall their staffs.

Also gone from today’s tech offices are some of the lavish benefits that were put in place to attract talent. Anyone getting free massages, catered meals and taking yoga classes these days? It would be an interesting cohort for some research project.

Finally, there is my own cohort — tech journalists, who are being laid off once again in this latest cycle. The difference between now and 20-some years ago was we had printed magazines that were supported by millions in ad revenues to pay the way. Then the web wiped out that business model and giants such as PC Week and Infoworld went scrambling. Some of the large tech-oriented websites such as Vice have shut down, and I am sure more will follow.

Yes, AI is exciting, and there is a lot of work being done — even by humans — in the field. But it requires real capital and real brainpower, and not just sock puppets and a cute dot com name. Or at least, I hope so. And building a trust with your remote employees: the best ones will eventually migrate to companies with more liberal remote policies.

Fighting election misinformation

Last week I wrote about the looming AI bias in the HR field. Here is another report about the potential threats of AI in another arena. But first, do you know what the states of California, Georgia, Nevada, Oregon, and Washington have in common? Sadly, all of them have election offices that received suspicious letters in the mail last year. This year is already ramping up and many election workers have received death threats just trying to do their — usually volunteer — jobs. Many have quit, after logging decades of service.

I have been following election misinformation campaigns for several years, such as writing about whether the 2020 election was rigged or not for Avast’s blog here. By now you should know that it wasn’t. But this latest round of physical threats — many of which have been criminally prosecuted — is especially toxic when fueled with AI misinformation campaigns. The stakes are certainly higher, especially given the number of national races — CISA has released this set of guidelines.

And the election threats aren’t just a domestic problem. This year will see more than 70 elections in 50 countries — many of them where people are voting for their heads of state, including India, Taiwan, Indonesia and others. Taken together, 2024 will see a third of the world’s population enter the voting booth. Some have seen huge increases in online voters: India’s last national election was in 2019, and since then they have added 250 M internet users, thanks to cheap smartphones and mobile data plans. That could spell difficulties for first-time online voters.

All this comes at a time when social media trust and safety teams have all but disappeared from the landscape, indeed the whole name for these groups will become a curiosity a few years from now. Instead, hate mongers and fear mongers celebrate their attention and unblocked access to the network. (To be fair, Facebook/Meta announced a new effort to fight deepfakes on WhatsApp just after I posted this.)

While the social networks were busily disinvesting in any quality control, more and better AI-laced misinformation campaigns have sprouted, thanks to new tools that can combine voices and images with clickbait headlines that can draw attention. That is not a good combination. Many of the leading AI tech firms — such as OpenAI and Anthropic — are trying to fill the gap. But it is a lopsided battle.

While it is nice that someone has taken up the cause for truthiness (to use a phrase from that bygone era), I am not sure that giving AI firms this responsibility is going to really work.

An early example happened in the New Hampshire presidential primary, where voters reported receiving deep fake robocalls with President Biden’s voice. As a result, the account used for this activity was subsequently banned. Expect things to get worse. Deepfakes such as this have become as easy as crafting a phishing attack (and are often combined too), and thanks to AI they are getting more realistic.It is only a matter of time before these attacks spill over into influencing the vote.

But deepfakes aren’t the sole problem. Garden-variety hacking is a lot easier. Cloudflare reported that from November 2022 to August 2023, it mitigated more than 60,000 daily threats to US elections groups it surveyed, including numerous denial-of-service attacks. That stresses the security defenses to organizations that never were on the forefront of technology, something that CISA and others have tried to help with various tools and documents, such as the one mentioned at the top of this post. And now we have certain elements of Congress that want to defund CISA just in time for the fall elections. Bad idea.

Contributing to the mess is that media can’t be trusted to provide a safe harbor for election results. Look what happened to the Fox News decision team after it called — correctly — Arizona for Biden back in 2020. Many of their staff were fired for doing a solid job. And while it is great that Jon Stewart is back leading Comedy Central’s Monday night coverage, I don’t think you are going to see much serious reporting there (although his debut show last week was hysterical and made me wish he was back five days a week.

Of course, it could be worse: we could be voting in Russia, where no one doubts what the outcome will be. The only open question is will its czar-for-life get more than 100% of the vote.

The looming AI bias in hiring and staffing decision-making

Remember when people worked at jobs for most of their lives? It was general practice back in the 1950s and 1960s. My dad worked for the same employer for 30 or so years. I recall his concern when I changed jobs after two years out of grad school, warning me that it wouldn’t bode well for my future prospects.

So here I am, ironically now 30-plus years into working for my own business. But this high-frequency job hopping has also accelerated the number of resumes that flood a hiring manager, which in turn has motivated many vendors to jump on board various automated tools to screen them. You might not have heard of companies in this space such as HireVue, APTMetrics, Curious Thing, Gloat, Visier, Eightfold and Pymetrics.

Add two things to this trend. First is the rise in quiet quitting, or employees who just put in the minimum to their jobs. The concept is old, but the increase is significant. Second and the bigger problem is another irony: now we have a very active HR market segment that is fueled by AI-based algorithms. The combination is both frustrating and toxic, as I learned from reading a new book entitled The Algorithm, How AI Decides Who Gets Hired, Monitored, Promoted, and Fired and Why We Need to Fight Back Now. It should be on your reading list. It is by Hilke Schellmann, a journalism professor at NYU, and it examines the trouble with using AI to make hiring and other staffing decisions. Schellmann takes a deep dive into understanding the four core technologies that are now being deployed by HR departments around the world to screen and recommend potential new job candidates, along with other AI-based tools that come into play to evaluate employees performance and try to inform other judgments as to raises, promotions, or firing. It is a fascinating look at this industry, fascinating and scary too.

Thanks to digital tools such as LinkedIn, Glassdoor and the like, sending in your resume to apply for an opening has never been easier. Just a few clicks and your resume is sent electronically to a hiring manager. Or so you thought. Nowadays, AI is used to automate the process: These are automated resume screeners, automated social media content analyzers, gamified qualification assessments, and one-way video recordings that are analyzed by facial and tone-of-voice AIs. All of them have issues, aren’t completely understood by both employers and prospects alike, have spurious assumptions and can’t always quantify the important aspects of a potential recruit that would ensure success at a future job.

What drew me into this book was that Schellmann does plenty of hands-on testing of the various AI services, using herself as a potential job seeker or staffer. For example, in one video interview, she replies to her set questions in German rather than English, and receives a high score from the AI.

She covers all sorts of tools, not just ones used to evaluate new hires, but others that fit into the entire HR lifecycle. And the “human” part of HR is becoming less evident as the bots take over. By take over, I don’t mean the Skynet path, but relying on automated solutions does present problems.

She raises this question: “Why are we automating a badly functioning system? In human hiring, almost 50 percent of new employees fail within the first year and a half. If humans have not figured out how to make good hires, why do we think automating this process will magically fix it?” She adds, “An AI skills-matching tool that is based on analyzing résumés won’t understand whether someone is really good at their job.” What about tools that flag teams that have had high turnover? It could be two polar opposite causes: a toxic manager or a tremendous manager that is good at developing talent and encouraging them to leave for greener pastures.

Having my own freelance writing and speaking business for more than 35 years, I have a somewhat different view of the hiring decision than many people. You could say that I either had infrequent times that I was hired for full-time employment, or that I face that decision multiple times a year whenever I get an inquiry from a new client, or a previous client that is now working for a new company. Some editors I have worked for decades as they have moved from pub to pub, for example. They hire me because they are familiar with my work and value my perspective and analysis that I bring to the party. No AI is going to figure that out anytime soon.

One of the tools that I have come across in the before-AI times is the DISC assessment that is part of the Myers-Briggs, which is a psychological tool that has been around for decades. I wrote about my test when I was attending a conference at Ford Motor Co. back in 2013. They were demonstrating how they use this tool to figure out the type of person who is most likely to buy any particular car model. Back in 2000, I wrote a somewhat tongue-in-cheek piece about how you can use Myer-Briggs to match up our personality with that of our computing infrastructure.

But deciding if someone is an introvert or an extrovert is a well-trod path, with plenty of testing experience over the decades. These AI-powered tools don’t have much of this history, are based on data sets that are shaky with all sorts of assumptions. For example HireVue’s facial analysis algorithm is trained on video interviews with people already employed by the company. That sounds like a good first step, but having done one of those one-sided video interviews — basically where you are just talking to the camera and not interacting with an actual human asking the question — means you aren’t getting any feedback from your interviewer, either with subtle facial or audio clues that are part of normal human discourse. Eventually, in 2021, the company stopped using both tone-of-voice and facial-based algorithms entirely, claiming that natural language processing had surpassed both of them.

Another example is capturing when you use your first person pronouns during the interview — I vs. we for example. Is this a proxy for what kind of team player you might be? HireVue says they base their analysis on thousands of questions such as this, which doesn’t make me feel any better about their algorithms. Just because a model has multiple parameters doesn’t necessarily make it better or more useful.

Then there is the whole dust-up on overcoming built-in AI bias, something that has been written about over the years going back to when Amazon first unleashed their AI hiring tool and found it selected white men more often. I am not going there in this post, but her treatment runs deep and shows the limitations of using AI, no matter how many variables they try to correlate with their models. What is important, something Mark Cuban touches on frequently with his posts, is that diverse groups of people produce better business results. And that diversity can be defined in various ways, not just race and gender, but by people with disabilities both mental and physical. The AI modelers have to figure out — as all modelers do — what is the connection between playing a game, or making a video recording, and how that relates to job performance? You need large and diverse training samples to pull this off, and even then you have to be careful about your own biases in constructing the models. She quotes one source who says, “Technology, in many cases, has enabled the removal of direct accountability, putting distance between human decision-makers and the outcomes of these hiring processes and other HR processes.”

Another dimension of the AI personnel assessment problem is the tremendous lack of transparency. Potential prospects don’t know what the AI-fueled tests entail, don’t know how they were scored or whether they were rejected from a job because of a faulty algorithm or bad training data or some other computational oddity.

When you step back and consider the sheer quantity of data that can be collected by an employer: keystrokes on your desktop, website cookies that record the timestamp of your visits, emails, Slack and Teams message traffic, even Fitbit tracking stats — it is very depressing. Do these captured signals reveal anything about your working habits, job performance, or anything really? HR folks are relying more and more on AI-assistance, and now can monitor just about every digital move that an employee makes in the workplace, even when that workplace is the dining room table and the computer is shared by the employee’s family. (There are several chapters on this subject in her book.)

This book will make you think about the intersection of AI and HR, and while there is a great deal of innovation happening, there is still much work to be done. As she says, context often gets lost. Her book will provide plenty of context for you to think about.

I find more central office lore in Seattle

I have a thing about the telephone central office (CO). I love spotting them in the wild, giving me some sense of the vast connectedness that they represent, the legal wrangling that took place over their real estate, and their history in our telecommunications connectedness. That is a lot to pack into a series of structures, which is why I am attracted to them.

I wrote that six years ago and it still holds true. This week I added a new CO to my “collection” of favorite places, one that calls itself a connections museum that occupies the top floors of a working CO in an industrial area of Seattle. It is an interesting place, but the label isn’t quite appropriate: it is more an interactive time machine that will take you back over the past 100 years of telecom history. Yes, you will find working models of phones of yesteryear (such as this 1908 wall phone model shown here), but the real treat — especially for this networking geek — are the electromechanical switch fabrics that were once found in every CO on the planet, and now are extinct.

In the pre-TCPIP, analog landline days, every phone had to be connected via a slender pair of copper wires from one’s home (or business) to the CO. That is a lot of wire. Once that pair entered the CO premises, it was connected to these huge machines to make and receive phone calls. That is a lot of wire that is presently unused, such as what can be found in my own home. I think I used my last landline around 2002 or so.

What is both impressive and hard to comprehend in the Seattle CO is how enormous this equipment is, and how small the current digital switches and IP-based networking gear is by comparison. I have seen numerous mainframe computers and they are no small objects. But panel frames and crossbar switches loom large and have a distinctly oily smell, which gives away their mechanical nature. Even with all of its moving parts — and there are thousands of them — these beasts worked flawlessly for decades to place our phone calls.

The other thing that becomes clear walking around the Seattle CO is how extensible phone tech was. The phone network connected gear of many different vintages — there even were examples of those quirky 1960s-era video phones that we now carry around in our pockets and think nothing unusual of making such calls.

The place is an active test bed for the old phone tech, and numerous volunteers have devoted many hours to try to resurrect the tech into some operational semblance. That is quite an achievement, because the surviving documentation is incomplete or incomprehensible or both. Trial by error and patience are important skills to make this stuff come back to life.

Museum docents will take you around the CO, patiently explain what is going on, and show you the process of completing a phone call from one phone to another. There are also phone switchboards that Ernestine would be at home operating, and visitors can do the one-ringy-dingy themlseves.

One thing that I had forgotten about was the importance of real estate with these COs. Back in the 2000s, when DSL technology was coming into vogue, the local phone companies weren’t too happy about having some competition for their communications and tried to stop the DSL vendors from installing their gear in the COs. What became obvious as they attempted to create legal roadblocks was there was plenty of room for the new stuff. This is because as these old crossbar switches were replaced, there was plenty of floor space to hold a couple of 19-inch racks of digital gear. (BTW, that standard harks back to the 1890s.)

As I was leaving the CO, a tour group was coming in. The group was dressed up in what they called steam punk costumes (it looked more Dickensian to my untrained eye) but seemed very appropriate: people who understand the broad sweep of history and wanted to recall a bygone era. While I didn’t need any change of clothes, I recognized kindred spirits.

Can Movable Type become a useful AI writer’s tool?

Once upon a time, when blogs were just beginning to become A Thing, the company to watch was Six Apart. They have blogging software called Movable Type. Then the world shifted to WordPress, and soon there were other blogging platforms that turned Movable Type into the Asa Hutchinson of that particularly market. (What? They are still around? Yes and account for about one percent of all blogs.)

Well, Asa no more, because the company has fully embraced AI in a way that even Sports Illustrated (they recently fired their human writers) would envy. If you have never written a book, you can have a ready-made custom outline in a few minutes. All it takes is a prompt and a click. You don’t even have to have a fully-formed idea, understand the nature of research (either pre- or post-internet), or even know how to write word one. (There are other examples on their website if you want to check them out.)

MovableType’s AI creates “10 chapters spanning 150+ pages, and a whopping 35k+ words” (or so they say) of… basically gibberish. They of course characterize it somewhat differently, saying its AI output is “highly specific & well researched content,” It isn’t: there are no citations or links to the content. The output looks like a solid book-like product with chapters and sub-heads but is mostly vacuous drivel. The company claims it comes tuned to match your writing style, but again, I couldn’t find any evidence of that. And while “each chapter opens with a story designed to keep your readers engaged,” my interest waned after page 15 or so.

Perhaps this will appeal to some of you, especially those of you that haven’t yet written your own roman a clef. Or who are looking to turn your online bon mots into the next blockbuster book. But I don’t think so. Writing a book is hard work, and while it is not growing crops or working in a factory, you do have to know what you are doing. The labor involved helps you create a better book, and the process of editing your own work is a learned skill. I don’t think AI can provide any short cuts, other than to produce something subpar.

I have written three books the old fashioned way: by typing every word into Word. Two of them got published, one got shelved as the market for OS/2 moved into the cellar from the time of the book proposal. I got tired of rewriting it (several times!) for the next big movie moment of IBM’s beleaguered OS that never happened. The two published books never made much money for anyone. But I did learn how to write a non-fiction book, and more importantly, write an outline that was more of a roadmap and a strategy and structure document. This is not something that you can train AI to do, at least not yet.

When I read a book, I cherish the virtual bond between me and the author, whether I read my go-to mystery fiction or a how-to business epic. I want to bathe in the afterglow of what the author is telling me, through characters, plot points, anecdotes, and stories. That is inherently human, and something that the current AI models can’t (yet) do. While MovableType’s AI is an interesting experiment, I think it is a misplaced one.

Is it time to upgrade my hearing aid?

More than five years ago, I wrote about my journey acquiring my first hearing aid. With a new insurance plan with hearing benefits, I thought it was time to take another look and see where the latest aids can help me with my high frequency hearing loss and tinnitus.

Now there are three components of your hearing that will motivate you to get an aid. First, you have some kind of hearing loss (as I said, for me it is the higher frequencies, which is typical for older folks) and you want to hear things better. Second, the type of sounds you “hear” with your Tinnitus, and whether you want these masked with an aid or some combination of audio processing and masker. Tinnitus can vary by time of day, whether you have gotten enough sleep, or by stress levels. If this describes you, then ideally you want to be able to adjust the masking technology according to give you the greatest comfort. Part of the issue here is that you may not want to become a DIY audiologist or software engineer.

Finally, how the aids interact with each other to place you in a sonic environment so you can understand what is going on around you. Given that I am completely deaf in one ear and that I need only one aid, this isn’t relevant for me.

If you haven’t read my original blog post when I first bought my aid, now would be a good time to go do that to remind yourself of that process.

But buying the first aid may seen easy when you consider a complicated journey to upgrade your aid. This is because the hearing aid medical industrial complex is just that — complicated. And while there are professionals that can be helpful, you have to first know the right questions to ask, second know what the aids can and cannot do, and have a great deal of patience being the hearing-deprived patient. Oh, and be prepared to spend lots of time and money when you do get your aid.

You would think that already having an aid would mean that you have already dealt with these issues. But you would be wrong. The replacement market is truly a different ball game. This is because being human, our hearing changes as we age. And the aid technology marches on, which means your beforetime knowledge is outdated. And that you now have a standard — your existing aid — to compare things with introduces new complexities.

There is one other factor, that you can now purchase aids over the counter. That is fine if you have a simple hearing loss, don’t have to muck around with the frequency controls, and don’t have a lot of Tinnitus. Yes, no and no for me. So this wasn’t an option. The OTC aids generally cost less, but don’t include much in the way of hand-holding and servicing. This is not like buying a blender: instructions and personal demonstrations are essential to their operations. You might not like the initial fit of the instrument, or be confounded with its numerous settings.

The OTC aids don’t really give you the best price comparison either. When you buy an aid from an audiologist, you are actually paying for a service contract for a period of time and this contract may or may not cover all problems or has exceptions (like water damage).

As I mentioned previously, for the past five plus years I have been using one of the Starkey models. I was generally happy with it. I made an appointment with a different audiologist than the one I had been seeing for the Starkey, just to see how the two approach solving my problems. I give the new audiologist, a woman whom I will call B, props in thoroughness, and knowledge, and service. She spent nearly two hours on my first visit, and wanted to schedule several follow up visits. She told me that I am her first Tinnitus patient who is not a new hearing aid user. We will get to why that matters shortly.

B has worn aids since childhood, a perspective of which I liked. She had some very fancy gear to test your aid’s programming, which I liked as well. Think about the device that an optometrist uses to determine if your glasses prescription matches the actual optics. She puts every aid she sells through this device, to ensure it is programmed properly.

Why is this important? Modern hearing aids are more software than hardware and can be programmed in one of three ways: At the factory when they are assembled and make use of various automatic sound processing features (to soften noisy environments, to enhance the frequencies used in human speech, to change the microphone coverage area to the sides or in front of you, and other things).

But one piece of programming is very important to me, and that includes figuring out the Tinnitus masking sounds, which can be tricky to deal with. Everyone has different “ringing” sounds as part of their Tinnitus affliction, some relatively simple sounds (such as I have) and some that vary in terms of frequency, period, and loudness. The aids do some counter-programming — meaning they produce their own sounds — to try to keep your attention away from the tinnitus, at least that is the working theory of the moment.

Second, the audiologist has the ability to change some of its programming that affects its audio processing and also set up pre-set conditions that you can access with the buttons on the aid or on its smartphone app. I mentioned to B that one night my wife accidentally slammed a cabinet door — the sound of which, amplified by my new aid, almost made me jump. She told me that she could program the “door slam sound” (yes, this is a thing) to soften it up.

Yes, there is an app for that, and the different vendors do a varying job on their apps. The app — the third piece in this puzzle — is what you fiddle with yourself (assuming you have a smartphone and that you want to do this). Each aid manufacturer has different models with varying features — which you may or may not need. Tinnitus masking generally is included in the higher end (and pricier) products, just my luck.

One of the things that I will be doing over the next week or so is to try them out in different sonic environments and see if one of them is worth the cost of the new aid, or I can still get by with the old aid with a few simple adjustments.

So B recommended that I check out the Resound models. She likes their app, which has a lot of controls, as you can see from the screenshots. This was very obvious when I compared it to the app that controls my old Starkey aid, which doesn’t have as many Tinnitus pre-set controls either available to the audiologist or on the app itself.

I should mention one other complicating factor. My old aid had regular batteries that needed replacement every week or so. But most of the newer aids have rechargeable batteries that last about a day on a charge and probably need complete replacement every three years. I don’t mind the non-rechargeable kind but you may feel otherwise.

Then there is the matter of insurance. My insurance plan covers $2000 per aid, but this is a deceptive situation, as some audiologists don’t take insurance (such as B) because they don’t want to bother with the reimbursement. But she is very upfront about the services she provides to make sure your aids are the right choice for you, and includes several visits the first year you buy an aid from her.

The insurance issue is a vexing one. For years, my plans had no coverage, so it was easier. There are three problems: first, as you say, limited reimbursement on part of the costs, which still leaves them expensive. Second, a general lack of transparency about pricing. Each audiologist can set prices independent of others, which as I mentioned bundles in a certain level of service. This makes it hard to shop around. Selling OTC aids was supposed to make things more transparent, but it hasn’t.

So let’s take a step back here. The issue for the aids is what problem are you trying to solve. For example, I would like better Bluetooth fidelity (especially when I am outside, which renders my old aid almost useless), better control over the masker, and more options in general for the smartphone app. Not all aids deliver all of these features. And sometimes you don’t know what is important until you try out the aid and hear it for yourself. Or see the app’s controls and decide whether you want to spend your day fiddling with them.

After spending a few days with my new Resound aid, I decided I would stick with the tried and true Starkey. Much as I would like the latest and greatest tech, I just couldn’t justify the extra bucks. Perhaps when it finally bites the dust that will force my decision, but by then there will be something even more techy.