<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Geeky Truths]]></title><description><![CDATA[Truth = Fact + Perspective. Here we have reflections, perspectives, and unsaid truths on geeky subjects that are worth thinking about surrounding technology and its periphery. Thoughts for those that like to think about facts from different perspectives. ]]></description><link>https://www.geekytruths.com</link><image><url>https://substackcdn.com/image/fetch/$s_!QArF!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F98912ced-e697-483d-93bf-6756b533cd95_187x187.png</url><title>Geeky Truths</title><link>https://www.geekytruths.com</link></image><generator>Substack</generator><lastBuildDate>Sat, 04 Apr 2026 05:57:24 GMT</lastBuildDate><atom:link href="https://www.geekytruths.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Chris Mullendore]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[geekytruths@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[geekytruths@substack.com]]></itunes:email><itunes:name><![CDATA[Chris Mullendore]]></itunes:name></itunes:owner><itunes:author><![CDATA[Chris Mullendore]]></itunes:author><googleplay:owner><![CDATA[geekytruths@substack.com]]></googleplay:owner><googleplay:email><![CDATA[geekytruths@substack.com]]></googleplay:email><googleplay:author><![CDATA[Chris Mullendore]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[UI vs. UX: The Trouble with Transparency]]></title><description><![CDATA[Transparency is pretty... 
just keep it out of my UI.]]></description><link>https://www.geekytruths.com/p/ui-vs-ux-the-trouble-with-transparency</link><guid isPermaLink="false">https://www.geekytruths.com/p/ui-vs-ux-the-trouble-with-transparency</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 11 Aug 2025 18:26:49 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!KSae!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!KSae!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!KSae!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 424w, https://substackcdn.com/image/fetch/$s_!KSae!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 848w, https://substackcdn.com/image/fetch/$s_!KSae!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!KSae!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!KSae!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg" width="572" height="572" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:572,&quot;width&quot;:572,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:50858,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://www.geekytruths.com/i/170710866?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!KSae!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 424w, https://substackcdn.com/image/fetch/$s_!KSae!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 848w, https://substackcdn.com/image/fetch/$s_!KSae!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!KSae!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ce831d0-ba52-4698-bb61-15c12f9d2b37_572x572.jpeg 1456w" 
sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>Being a nerd, I love gadgets and toys. I also love to cook&#8230; and my love of gadgets finds no better home than in a kitchen supply store. I remember purchasing a beautiful mandolin&#8230; All chrome and lots of blades and gadgets&#8230; and all in a hefty black case to keep it all together. It was beautiful.</p><p>The problem is that I placed beauty above usability. I loved the shiny and the toys and thought they'd come in useful someday. 
It didn't occur to me that the entire process of getting out the case, setting the mandolin up for use, finding the right blade, would be so annoying that I'd avoid using it. There's very little you can do with a mandolin that you can't do with a knife&#8230; and the knife is right next to you, ready to be used. I never used the mandolin.</p><div class="pullquote"><p>Transparent interfaces are similar in both their beauty and uselessness.</p></div><p>I believe human eyesight differentiates objects based on three fundamental characteristics: Lighting, Distance, and Motion. Lighting is broad as it includes color, shape, texture, dimensions&#8230; anything that you might use to describe an object that is the result of lighting. Distance is the result of our binocular vision and depth perception and depends on our two eyes seeing ever so slightly different images that our brains stitch together and translate into depth and distance. Motion is recognized because it creates identifiable changes in the image we're seeing that we can perceive.</p><p>This all works great in the real world because all three are generally present and therefore we're able to differentiate between objects fairly easily. What happens when you start taking these things away though? As we remove each of these aspects, it becomes much more difficult to differentiate between objects. Think about the Where's Waldo books. These books are a challenge because they remove these aspects. There is no motion, and the page is flat so there is no depth. There is lighting and color but the busyness of the images makes identifying Waldo very, very difficult.</p><p>Transparent interfaces suffer exactly the same issues. The display can create any lighting/color but in order to be usable, that color must at least moderately differentiate itself from the background&#8230; and with transparent displays that is no guarantee. 
Common technologies don't do depth; displays are flat and the images on them are all at the same distance. Motion is possible, but the idea of interactive interface elements bouncing around constantly would be more difficult than valuable.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!hprb!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!hprb!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 424w, https://substackcdn.com/image/fetch/$s_!hprb!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 848w, https://substackcdn.com/image/fetch/$s_!hprb!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!hprb!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!hprb!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg" width="800" height="335" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:335,&quot;width&quot;:800,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:125724,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.geekytruths.com/i/170710866?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!hprb!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 424w, https://substackcdn.com/image/fetch/$s_!hprb!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 848w, https://substackcdn.com/image/fetch/$s_!hprb!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!hprb!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3b0c64c-1c8f-4e6a-a8fa-8fb3c28a1332_800x335.jpeg 1456w" sizes="100vw"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 
20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The Matrix Reloaded demonstrated a form of transparency when we descended into Zion. The gate operators were all sitting in front of a virtual, and essentially transparent, interface. While my nerd brain thought this was very cool, I could only imagine how exhausting such an interface might be to actually use. Monochromatic and able to see underlying objects through higher objects&#8230; things moving behind things that are static&#8230; it just feels exhausting.</p><h4>And of course, here is where we get to Apple and Liquid Glass&#8230;</h4><p>Supposedly, the Liquid Glass concept was pulled from the Vision Pro&#8230; Apple&#8217;s entry into the computing headset arena. 
Given the completely different <em>way </em>one interacts with the Vision Pro, a new interface makes sense&#8230; and Liquid Glass (though I&#8217;m sure if it was called that on its inception) works beautifully here. </p><ul><li><p>Lighting - There is a risk that the UI elements are of similar color and brightness, but the UI elements have an effect of glowing&#8230; they have an internal luminosity that allows them to be visually distinct from the real-world background that isn&#8217;t &#8220;glowing&#8221;. </p></li><li><p>Motion - While the Vision Pro&#8217;s interface elements are static, the background is constantly in motion as your head moves through space. The Vision Pro simply has the background in motion instead of the foreground UI elements providing that differentiation. </p></li><li><p>Depth - The Vision Pro actually does impersonate depth because it is able to show a slightly different image to each eye. Through two distinct micro-LED displays, one for each eye, those slight differences can be perceived as depth and distance. </p></li></ul><p>The Vision Pro meets all of the requirements for a relatively good interface. Unfortunately, this does not translate to flat displays such as monitors, phones, or smartwatches. </p><ul><li><p>Lighting - If the area surrounding an interface element is of similar color or brightness as the background it becomes incredibly difficult to identify as a distinct element&#8230; and in here, they all &#8220;glow&#8221;&#8230; so that is no longer a differentiator. </p></li><li><p>Motion - Most UI elements on our [non-Vision Pro] devices are relatively static. Buttons aren&#8217;t jumping around and text boxes aren&#8217;t shaking. There may be some kind of entry effect for these UI elements&#8230; but after that, most elements are static, removing the visual cue that the element is active.</p></li><li><p>Depth - Common displays simply aren&#8217;t 3D and can&#8217;t provide a real sense of depth or distance. 
Everything on your screen is at exactly the same distance from your eyes. As opposed to the Vision Pro, there is only one image going to both of your eyes, so impersonating depth is simply not possible. </p></li></ul><p>Apple is seeing this issue and is actually backtracking. iOS 26 beta 2 to beta 3 demonstrates this. Beta 2 had high transparency for the UI elements such that they were difficult to differentiate and use. In beta 3 Apple is solving this by essentially &#8220;frosting&#8221; the backgrounds in areas of interactivity in the interface. This is an acknowledgement that a purely transparent UI simply doesn&#8217;t work. It doesn&#8217;t meet any of the requirements for solid visual differentiation. </p><p>Even if Apple is fixing the lighting issue through frosting, there is still no motion, and depth is impossible. </p><div class="pullquote"><p>The only way to fix it is to break the glass. </p></div><p>Not even Apple, historic king of interface design and accessibility, is perfect&#8230; and I feel in its current iteration glass is going to make things worse rather than better. It does however provide an opportunity for iOS 27 to be &#8220;innovative&#8221; as it hopefully abandons the Liquid Glass concept and gives us yet another interface. Hopefully better. </p><p></p>]]></content:encoded></item><item><title><![CDATA[The Infinite Tale Returns!]]></title><description><![CDATA[The briefly available passion project, allowing people to create stories collaboratively, is back! 
(mostly)]]></description><link>https://www.geekytruths.com/p/the-infinite-tale-returns</link><guid isPermaLink="false">https://www.geekytruths.com/p/the-infinite-tale-returns</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Sun, 01 Jun 2025 19:53:11 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!e0fJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!e0fJ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 424w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 848w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 1272w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!e0fJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png" width="722" height="414" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/0635d18e-6061-49e6-8916-a7027f419e71_722x414.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:414,&quot;width&quot;:722,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:14929,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://www.geekytruths.com/i/164946865?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!e0fJ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 424w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 848w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 1272w, https://substackcdn.com/image/fetch/$s_!e0fJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0635d18e-6061-49e6-8916-a7027f419e71_722x414.png 1456w" sizes="100vw" 
fetchpriority="high"></picture></div></a></figure></div><p><a href="https://theinfinitetale.com">The Infinite Tale</a> is a collaborative story website that I created and hosted for a brief period of time in 2023. It was never going to make money&#8230; so when the money ran out for (production quality) hosting costs, it had to come down. It was sad as I love the concept and there were people actually using the site for turn-based, multi-directional storybuilding. It was neat to see what people came up with not only individually, but when needing to build off of someone else&#8217;s story. 
Alas, it had to come down&#8230; the money just wasn&#8217;t there.</p><p>I&#8217;m happy to say that my little passion project is back! It&#8217;s a little slower&#8230; A little less available&#8230; but much cheaper to host&#8230; so I think I&#8217;ll be able to keep it running for the long term. At least, that&#8217;s my goal.</p><h3>What is it?</h3><p>The Infinite Tale allows anyone to start a story and then allows any number of other people to continue that story in any direction they like. Those stories can then be read by anyone. At the end of any given passage may be a number of &#8220;next&#8221; passages that the reader can follow to take the story in one direction&#8230; then back up and read how the story might go in another direction. Anywhere along the way that reader can contribute their own &#8220;direction&#8221; for the story to go, and that option will then be presented to others to read as they explore the stories in the site. </p><p>I feel like this model presents a lot of possibilities for creativity by virtually anyone because you don&#8217;t have to have the whole story (and in fact, you shouldn&#8217;t). The goal is to just contribute a little to the overall concept&#8230; One idea that moves the story forward and that might be something other people can continue and build on. Even if you&#8217;re &#8220;not an author&#8221;, it&#8217;s still easy to come up with a few paragraphs that might contribute a great direction for the story to go. 
Anyone can be a writer!</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!hnSt!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!hnSt!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!hnSt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg" width="1024" height="1024" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:266986,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.geekytruths.com/i/164946865?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!hnSt!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!hnSt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4cad6637-c62c-48a0-8bbf-32ce611c107e_1024x1024.jpeg 1456w" sizes="100vw"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" 
viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Professional authors may even see great potential and growth by playing in The Infinite Tale by forcing them to step outside of their own brain or world. In The Infinite Tale, you&#8217;re responding to passages written by other people and having to think from their perspective as you continue their concept in your direction. This forces thinking beyond the ideas or perspectives that an author may be familiar with and stretches the brain in new directions. I believe The Infinite Tale is the ultimate answer to writer&#8217;s block as one is forced to think in new and different ways than we might on our own. </p><h3> A Portfolio Property</h3><p>While I&#8217;ve done software development for years in any number of roles, I&#8217;ve never really had a portfolio of reference work I could share with prospective employers. 
Most of my work has been internally-focused and therefore couldn&#8217;t be shared with the world. Plus, that work was technically owned by them&#8230; I had no rights to those solutions&#8230; so using them as portfolio pieces wasn&#8217;t a possibility.</p><div class="pullquote"><p>The Infinite Tale is 100% mine. </p></div><p>Everything about The Infinite Tale was conceived by me, written by me, and managed by me. Many of the graphics were in collaboration with a graphics designer&#8230; but everything else about the site is me. Every line of code (C#, HTML, CSS, JS), every placement of a button, and yes, every bug, was written by my hands. The architecture internally, how it&#8217;s hosted, the deployment pipeline, all me. </p><p>The Infinite Tale in its current form is more portfolio piece than production solution. This is a demonstration of &#8220;See, I can write stuff!&#8221; as much as it is a fun plaything. While I&#8217;m not (currently) making the source code public, the solution is, and I think it&#8217;s solid resume material. </p><h3>Technology</h3><p>For those that are curious, The Infinite Tale uses the following technologies:</p><ul><li><p>C# ASP.net 9 Razor Pages (plus HTML/JS/CSS)</p><p>I&#8217;ve been writing C# since Microsoft .NET Framework 1.1, so it is basically my native language. I felt Razor pages (as opposed to Blazor) was more appropriate as the model of the platform is more &#8220;page&#8221; based as you navigate the story. It&#8217;s not intended to behave like an actual application, but as a website. </p></li><li><p>Entity Framework Core 9 against MySQL</p><p>Given how native EF is to C#, I felt it was the best ORM for my needs. 
I won&#8217;t say it&#8217;s the best (I&#8217;m not necessarily a fan of its schema management and how that relates to deployment processes), but it IS native and it&#8217;s pretty good once you get the hang of it and learn to think in its terms.</p></li><li><p>Linux Docker Containers</p><p>I like the idea of demonstrating the cross-platform capabilities of .NET Core and maintaining my skills and knowledge of managing Linux and containerized applications. Suddenly things like developing to be platform agnostic or managing persistent data matter. </p></li><li><p>GitHub</p><p>&#8230;Obviously.</p></li><li><p>Microsoft Azure </p><ul><li><p>App Service</p><p>Having a primarily Microsoft background, targeting Azure seemed a natural choice for me. It&#8217;s definitely not the cheapest, but my existing knowledge of how Microsoft does things helps and encourages me to do things &#8220;The Right Way&#8482;&#65039;&#8221;.</p></li><li><p>Build Pipeline</p><p>The Azure Build Pipeline is connected directly to the GitHub repo such that any push to Main triggers a build and deployment to an Azure App Service Deployment Slot. Other branches are targeted by other deployment slots, allowing merges into the dev branch to be tested in Azure directly. </p></li><li><p>KeyVault</p><p>Critical secrets are stored in the KeyVault, and KeyVault is secured to only the service account of the App Service instance(s) and a distinct administrative account. Any other access or manipulation causes an alert to be fired, allowing some level of response. Note that The Infinite Tale is by no means intended to be a security or even truly secure platform&#8230; but some things SHOULD be secured properly.</p></li><li><p>Blob Store</p><p>Persisted data (beyond what is stored in the database) is stored in a blob store instance. 
Uploaded customer profile images, images used for publishing custom articles in the Articles area, and even some encrypted components (encrypted using secrets from KeyVault) all go here. </p></li></ul></li><li><p>Twilio SendGrid</p><p>The Infinite Tale uses email for account confirmation and notifications, and Twilio is very well priced (at this scale) and is arguably the gold standard for outbound communications so it seemed an obvious choice.</p></li><li><p>Terraform (previously)</p><p>In its original deployment, the entire platform was managed in Azure via Terraform. This made sure everything was wired up correctly, deployed correctly, and could be validated at any time. The MySQL server deployment proved to be a little less convenient, but writing code is all about workarounds, so this was no exception. The current deployment is all manual, but I may put it back to Terraform at some point. </p></li></ul><p>An important note is that the current deployment is NOT intended to be what some might call &#8220;production quality&#8221;. That is, it is not intended to be highly available, highly secure, highly recoverable, highly performant. It is certainly usable (and I do hope that people find it) but beyond minimal effort, I promise nothing to anyone anywhere. &#128556;</p><h3>More Than It Seems</h3><p>The Infinite Tale has a lot of interesting design in the user-facing portion of the site. Little things make me happy. I like the fact that every page load uses a different background (from a set collection of available images). I like the enforcement of the turn-based authoring model. I like that the passages use a different background based on the genre of the passage. I like the Favorites feature, the ratings&#8230; </p><div class="pullquote"><p>&#8230;but there&#8217;s a LOT that users don&#8217;t see&#8230;</p></div><p>Users create the content in The Infinite Tale. Users tell the story. 
This means two things: We have to manage Users and we have to manage Content.</p><p>The Infinite Tale includes a (less well designed but fully functional) behind-the-scenes interface for managing many aspects of the site, including:</p><ul><li><p>Users and Roles</p><p>A typical user has the ability to create passages and tell stories, but that&#8217;s all. There are additional roles in The Infinite Tale in the back-end to assign users to additional roles and perform other operations focused on managing users and access.</p></li><li><p>Passages</p><p>Every Passage in The Infinite Tale can be managed, edited, or hidden in the back-end interface (and this is the only place that a published passage can be modified). This includes not only published passages but every user&#8217;s saved/unpublished passages as well. </p></li></ul><p>There&#8217;s more than just users and user generated content.</p><ul><li><p>Articles</p><p>The Articles section is effectively a complete WYSIWYG content management system. Articles in this section are authored within the live site itself&#8230; nothing is hard-coded in the site code. </p></li><li><p>Reports</p><p>User generated content means having to deal with those unfortunate users that create content that shouldn&#8217;t be in the tale. Passages can be reported and flagged for review by a content admin. This includes inappropriate, offensive, plagiarized, etc. </p></li><li><p>Feedback</p><p>Users can provide feedback about the site, request new features, or report difficulties with the site. The site incorporates a way to capture and manage that feedback internally.</p></li></ul><h3>My Baby</h3><p>I&#8217;m actually quite proud of The Infinite Tale. I love the concept and I love that I managed to fully deliver a working solution to the world. I loved that people used it the first time&#8230; and some of the stories were really great&#8230; I hope people find it again. Who knows&#8230; maybe it could become a real thing&#8230;? 
</p>]]></content:encoded></item><item><title><![CDATA[Apple: Burning an Opportunity]]></title><description><![CDATA[Apparently, Google pays Apple $20 billion annually to be the default search engine when users open Safari.]]></description><link>https://www.geekytruths.com/p/apple-burning-an-opportunity</link><guid isPermaLink="false">https://www.geekytruths.com/p/apple-burning-an-opportunity</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 12 May 2025 18:21:32 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!iDIa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F52f5fa0d-95dd-430e-8e42-e66c043697c7_1024x1024.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Apparently, Google pays Apple $20 billion annually to be the default search engine when users open Safari. 
Apparently, the government has a problem with this. I get it on all sides&#8230; Obviously Google thinks it&#8217;s worth the money, Apple makes a ton of cash, and the government feels that since only Google (may) be able to fork over that much money, it&#8217;s an abuse of power in order to maintain market position. </p><p>However, those aren&#8217;t the real issues here. These are simply the things that have happened because of the real issue: A lack of consumer choice. </p><div class="pullquote"><p>The issue is Apple&#8217;s monopolistic control, not Google&#8217;s practices.</p></div><p>While it is completely possible to change your default search engine in Safari and most other browsers, mobile or otherwise, very few people actually take the time to jump through the hoops to do so. Google wins by default, not necessarily by preference<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-1" href="#footnote-1" target="_self">1</a>. </p><p>The simple solution is easy: <strong>Enable consumer choice</strong>. This would remove Google&#8217;s ability to use its cash hoard to lock out other providers, thus removing the monopolistic capability and justification for legal actions against Google. The fact that consumers don&#8217;t have choice isn&#8217;t actually the result of Google&#8217;s behavior&#8230; It&#8217;s the result of Apple&#8217;s disinterest in providing consumers with a highly visible and easy-to-use way to choose an alternative to Google.</p><p>The solution to this is incredibly simple&#8230; and is a massive opportunity that Apple is missing out on. Apple could provide consumers with choice while also potentially increasing revenue in this space by doing two things:</p><ol><li><p>Present consumers with a first-launch list of options for their default homepage or service to select from.</p></li><li><p>Auction for placement on this list of options.</p></li></ol><p><em>This solves all problems</em>. 
Sure&#8230; while it&#8217;s likely that Google would out-bid nearly every other service for placement at the top of the list, an auction process wouldn&#8217;t necessarily guarantee such placement. Any service with sufficient resources (*cough* Microsoft *cough*) could out-bid Google for placement, thus defeating Google&#8217;s ability to lock out other vendors. Even if Google does successfully bid for top position, consumer choice is still maintained because other services would still be present on the list, ordered by highest bidder. Google would never be the exclusive choice, even if it appeared to be the default by being at the top of the list&#8230; if it even won such a position.</p><p>&#8220;Then Google would bid less&#8221; one might say. Probably/Maybe. Maybe not. This would put Google in the competitive position of having to out-bid another company with similar resources for that top position (*cough* Microsoft *cough*) resulting in a potentially higher bid in order to defeat any secondary player. It may alternately cause Google to bid less because they may consider the result of consumer choice to be less than the current situation of being the absolute default. It could go either way. </p><p>This would still enable Apple to win as every service on the list would also be bidding (and paying) for placement. Apple would gain the sum total revenue from all bidders. The combined income could potentially far exceed what Apple makes from Google directly now. For example, if Google bids $15 billion instead of $20 billion, Microsoft may bid $10 billion, and perhaps DuckDuckGo may pay $5B<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-2" href="#footnote-2" target="_self">2</a>. Apple thus makes $30 billion vs. the existing agreement for $20 billion and resolves the issue of consumer choice at the same time. 
Apple makes an additional $10 billion, Google still gets top placement, other vendors have an opportunity to get involved, and consumers get a choice. </p><div class="pullquote"><p>Everybody Wins&#8230; Especially Apple.</p></div><p>There might be some constraints on who could bid in such an auction. Creating an infinite list of providers would be unwieldy to say the least and negatively impact consumer experience. The answer may be something like only allowing bids from services with at least 1% market share based on metrics from an independent 3rd party. This limits the number of bidders to those with real value in the marketplace and prevents the list of providers from being infinitely long. Apple still makes a hoard of cash from even the limited set of providers as those services also likely have the most resources with which to bid.</p><p>Apple is missing out on a massive opportunity to provide consumer choice while increasing potential revenue&#8230; and Apple looks like the good player working for consumer benefit. Apple needs to stop looking at the situation with such a myopic viewpoint and see the real opportunity in front of it. 
Everyone is missing out until they do.</p><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-1" href="#footnote-anchor-1" class="footnote-number" contenteditable="false" target="_self">1</a><div class="footnote-content"><p>I believe this creates very artificial usage metrics for Google, enabling them to advertise a higher percentage of web searches than were another default page/service present (though still highly dominant&#8230; it&#8217;s funny how the #1 search phrase in Bing is &#8220;google[.com]&#8221;.)</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-2" href="#footnote-anchor-2" class="footnote-number" contenteditable="false" target="_self">2</a><div class="footnote-content"><p>I have no idea whether DuckDuckGo has these resources or would do this&#8230; this is all just for purposes of example.</p></div></div>]]></content:encoded></item><item><title><![CDATA[A Case of Unfounded Trust]]></title><description><![CDATA[Do you know what your dishwasher is actually doing?]]></description><link>https://www.geekytruths.com/p/a-case-of-unfounded-trust</link><guid isPermaLink="false">https://www.geekytruths.com/p/a-case-of-unfounded-trust</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 24 Feb 2025 20:09:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!nHAs!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11f56626-250f-4b3f-b368-4e117a95fb31_1024x1024.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>We all do it blindly&#8230; thinking only about the benefits and conveniences that come with connecting all of our things to our networks and devices. From Alexa and Siri to our dishwashers and refrigerators and watches and phones. Get home, connect to our secure Wi-Fi with its complex password and yay, away we go!</p><p>We fully expect these things to do what they're supposed to do. We expect Siri and Alexa and "Okay Google" to respond to our requests (generally with Wikipedia excerpts) and if we're lucky actually manage our devices or perform other tasks. We expect our watches to tell the time and track all of our bodily functions. We expect our dishwasher to notify us when it's time to *sigh* put the dishes away. This is why we purchased these items. 
This is what we expect of them, and in general, they deliver.</p><div class="pullquote"><p>What we don't consider is what <em><strong>else</strong></em> they <em>could</em> be doing.</p></div><p>Our firewalls and Wi-Fi passwords protect the edges of our networks. They (hopefully) prevent unauthorized access to the ooey gooey inside of our networks, and we expect those protections to be effective (hopefully). But once something is inside of our network it's a free-for-all. For the most part (there are exceptions), everything can talk to everything&#8230; everything can see everything&#8230; everything knows everything that's happening. Once something is in, it's <strong>in</strong> and for most of us, that's just how it is. We protect the edge, but nothing is held back once you're inside.</p><p>And so we buy our neat little gadget and we grant it complete access to our private, protected little world so that it can do what we expect it to do.</p><p>But is that <em>all</em> it's doing? Remember&#8230; your dishwasher now has access to your <em>entire</em> network. Sure, it does its job of connecting to your nifty app and singing to you when the dishes are done&#8230; but how do you know that's all it's doing? How do you know it's not doing more than advertised? Remember: In today's world, <strong>YOU</strong> are the product. We have seen manufacturers go to extreme lengths to sell "you" to analytics companies and marketers. To some degree we accept this. Maybe we assume these devices take advantage of us by capturing how we use them or what we explicitly grant them access to&#8230; but we don't seem to think about what we're implicitly granting them access to when we connect them to our network.</p><p>Most, but not all, resources that we access today use encryption to protect what we do with those services. For example, your bank (for all that is holy, please) takes huge steps to ensure your connection is secure. 
Even today's search engines protect your searches from spying eyes. This protection only applies <em>after</em> your connection to that resource has been established.</p><p>There is much, much more to see on your network:</p><ul><li><p><strong>Your other devices</strong> - In many cases we expect devices to find out about each other. This is especially true for things like home automation tools. If they can't see each other and they can't talk, they couldn't do their jobs. Remember however&#8230; Once inside, <em>everything can see everything</em>. The dishwasher can see your TV, your remotely controlled fan, your light switch, your automatic window blinds, everything. Once inside, it's trivial for these devices to not only see that each other exists, but what their capabilities are, the manufacturer and model, and potentially even what commands or actions are being sent between them. This may seem innocuous&#8230; but to a product manufacturer or marketer, knowing what other devices you're using can be <strong>invaluable</strong>.</p></li><li><p><strong>Your internet requests</strong> - Yes, in most cases the information you exchange with a service is encrypted&#8230; but that is only after you have established a connection to that service. The simple fact that you <em>are</em> connecting to that service is frequently plainly visible. Before your computer can secure its connection with google.com, it has to find out where the heck google.com is to begin with. The simple act of your computer asking the internet "Hey, where is google.com" can frequently be captured. Even if your computer or application uses newer, more secure methods of doing these lookups, the actual address itself simply cannot be obscured. The underlying address that "google.com" points to is always plainly visible and that process of turning the address into the name is trivial. 
Again, what marketer or manufacturer wouldn't absolutely <strong>love</strong> to have this information?</p></li><li><p><strong>Your Wi-Fi information</strong> - The simple act of connecting a device to your Wi-Fi network provides the device the name of your network, and this information can be used for anything. Mobile devices are <em>notorious</em> for capturing your Wi-Fi network name and associating it with a location&#8230; but most also capture and send all of the <strong>other</strong> network names they can see near you, whether you've connected to them or not. The simple fact that your mobile device can even <strong>see</strong> the names of your neighbor's Wi-Fi network is sent off to your service provider or phone manufacturer.</p></li></ul><div class="pullquote"><p>Remember, in today's world, <strong>you are the product</strong>. <br>Anything that can be captured about you frequently will be.</p></div><p>&#8230;and we have no idea where any of this information may be going. Most of our home network gateways have few limitations on what these devices inside of our network can talk to outside of our network. The wireless gateway provided by your internet service provider likely prevents things from getting into your network, but has almost no limits on what can get out. The wireless mesh system we've purchased online is generally the same: Block anything from getting in, but allow anything to get out.</p><p>Your dishwasher, refrigerator, home automation device, television, smart speakers, could be talking to&#8230; anything, anywhere, owned by anyone. These devices could be capturing all of this information, and there are no limits to where this information could be going and what could be being done with it or by whom. Somehow, we <strong>believe</strong> but we don't <strong>know</strong>&#8230; and this belief&#8230; this trust&#8230; is completely unfounded. 
In fact, this trust has been frequently violated, and yet we continue as though these behaviors have never happened.</p><p>There are ways to decrease this, but no way to block it. More advanced network firewalls such as <a href="https://www.pfsense.org/">pfSense</a>/<a href="https://opnsense.org/">OPNsense</a> can significantly reduce the amount of information being sent beyond your network (and I am definitely a fan). These tools can block specific devices, specific services, and specific geographic regions. I see NO justification for <em>any</em> of my devices to talk to Russia or China regardless of their functionality. These firewalls also frequently have additional plug-ins that can prevent specific <em>types</em> of communication as well. For example, <a href="https://www.zenarmor.com/">ZenArmor</a> is available as a plug-in for OPNsense and can manage the types of traffic and services being communicated with. <a href="https://www.maxmind.com/en/geoip-demo">MaxMind GeoIP</a> enables these devices to understand geographic regions and control access to specific nations or locations. <a href="https://suricata.io/">Suricata</a> is also integrated into these platforms and can detect invalid or potentially nefarious communication and block those behaviors. Note that I am not advocating/advertising these services, I'm simply saying they exist. There may be others that are better for you or better in general. 
Caveat emptor.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!tA6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!tA6a!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!tA6a!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg" width="1024" height="1024" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:287875,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://www.geekytruths.com/i/157835393?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!tA6a!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!tA6a!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F435b0ca3-2432-41bb-9829-cc211b466c4e_1024x1024.jpeg 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>Even the best of these tools can only do so much. Once a device or a path or a region has been allowed and a device connects to a remote resource, it can send any information it wants. Remember that once a connection has been established, it is frequently encrypted. Although there are ways to observe and respond to this traffic, they are rarely used and can potentially cause problems in their own right.</p><p>Look&#8230; I'm not saying don't use these things. They are useful, valuable, cool, fun, whatever. What I am saying is that we shouldn't blindly trust these devices to be limited in what they do. We have to acknowledge the truth that they can be doing anything&#8230; and should perhaps take reasonable actions to limit that possibility.
If you don't care, cool&#8230; You're allowed to make that decision.</p><p>But we can at least think about it.</p><div class="pullquote"><p><em>Note: No disrespect to dishwashers is intended in this post. </em></p></div><p></p>]]></content:encoded></item><item><title><![CDATA[The Three Hardest Words]]></title><description><![CDATA[Those who know everything have much to learn.]]></description><link>https://www.geekytruths.com/p/the-three-hardest-words</link><guid isPermaLink="false">https://www.geekytruths.com/p/the-three-hardest-words</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 03 Feb 2025 21:54:41 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ehY7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ehY7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ehY7!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!ehY7!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 848w, 
https://substackcdn.com/image/fetch/$s_!ehY7!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!ehY7!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ehY7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg" width="1024" height="1024" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:116111,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ehY7!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!ehY7!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 848w, 
https://substackcdn.com/image/fetch/$s_!ehY7!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!ehY7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F581c984a-bd79-4de6-aa2d-41e76847c4d3_1024x1024.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>During a previous life I was an on-site support engineer specializing in a common enterprise collaboration platform.
I was working with a client to deploy the platform and, in an attempt to optimize their expensive billing hours, I coordinated my time such that we would do one day together, coordinate the things they would do without me during the next week, and we would reconvene the following Monday. I recall coordinating some major and somewhat critical activities for them to accomplish over the upcoming week and asked explicitly "Do you understand what needs to be done and how to do it?" and received nods of confirmation. Cool. The following Monday I showed up to none of it having been done. Why had they clearly said that they knew what needed to happen when they clearly hadn't? I can't be certain exactly why they didn't feel comfortable saying they needed support&#8230; I only know that the work wasn't done and when I asked how far they'd gotten or what the issue was, they simply didn't know.</p><p>I believe this boils down to the three words that we find the most frightening, painful words for humans to say: "I don't know".</p><div class="pullquote"><p>"I don't know"</p></div><h3>Knowing vs. Believing</h3><p>Our brains are ultimately designed to keep us alive at all costs&#8230; and anything that interferes with that goal almost always causes fear, indecision, and conflict. Our brains, being fantastic prediction engines, are suddenly unable to predict what the "best" option might be in order to keep us alive. Of course, in today's world our lives may not necessarily be at stake. We are unlikely to die as a result of being conflicted about which of the myriads of peanut butter choices might be "best"&#8230; but the lack of certainty&#8230; the "I don't know"&#8230; is painful all the same.</p><p>Beyond predicting, our brains are also highly specialized to do inference. We take the things that we think we know and fill in the blanks with predictions about what we believe the most likely truth might be.
This resolves the "I don't know" problem and brings us comfort and a sense of certainty. Our inferences enable us to navigate the world without fear that the next action we take will be detrimental.</p><p>Unfortunately, it is incredibly easy for us to take these inferences&#8230; these invented concepts that we've used to fill in the blanks of missing information&#8230; as facts. We act on them with certainty. We make decisions based on them without question. To us, they are as known as the things we have directly observed. They're comfortable.</p><p>&#8230;but they aren't facts. They are ideas that we have inferred&#8230; invented&#8230; to fill in the blanks between the things we have directly observed. These are things we <em>believe</em> yet easily confuse with things we might <em>know</em>&#8230; and in many cases, we can't actually see the difference.</p><p>For example, that person that, based on your <em>actual</em> experiences, "definitely hates you". Your experiences are factual. Maybe that person was rude. Maybe that person gave you the cold shoulder. Maybe they were inconsiderate. Clearly, they hate you or none of these things would have happened. But do you <em>know</em> they hate you? Have you confirmed it with them? Has a close common friend told you that your connection with them is actually negative? Probably not. In truth, you don't <em>know</em>&#8230; you <em>believe</em>&#8230; and it can be very difficult to understand the difference. Our minds infer a belief and, even if the belief is negative, the belief is more comfortable than acknowledging the fact that we simply don't <em>know</em> what their truth is. Perhaps they've had a bad day or perhaps they simply don't have an interaction style that matches yours. Maybe they don't think that way. Maybe&#8230; whatever&#8230; but the actual fact is that in absence of direct confirmation, you really don't know.</p><h3>Safety vs. 
Comfort</h3><p>The comfort of knowing is incredibly powerful, to the point that it can cause us to make decisions that are actually to our detriment. We may make completely irrational decisions that bring us to a state that we know&#8230; that is familiar&#8230; that is comfortable&#8230; even if that decision increases our actual risk.</p><p>One example of this is children that grow up in unfortunately dysfunctional circumstances. It is common that <a href="https://www.psychologytoday.com/us/blog/invisible-bruises/202407/the-impact-of-childhood-trauma-on-adult-relationships">children that grow up in these circumstances will unintentionally recreate them in their adult life</a>. This is almost never intentional, to the point that it is completely unconscious. But it is familiar&#8230; it is known&#8230; and is therefore comfortable. Many people that are in abusive relationships will stay in that relationship because the fear of leaving it&#8230; the unknown of what the world looks like&#8230; is terrifying. Their safety is at risk, and that risk or ongoing trauma is real&#8230; but it's known, and that is better than what the unknown of actual safety might be.</p><h3>Decision Paralysis</h3><p>We live with the belief that we should have options. More options increase our belief that we can make a decision that is ever closer to the best for us. However, study after study has demonstrated that more choices <a href="https://www.psychologytoday.com/us/blog/stretching-theory/201810/too-much-choice">actually increase our indecision and discomfort.</a> Having more options actually conflicts with our ability to know which choice is actually better for us.</p><p>The previously mentioned peanut butter aisle is a great example. Imagine living in a world that had exclusively one choice: smooth or crunchy. No myriads of brands. No organic vs. conventional. No hydrogenated or not. This is an easy choice based on a simple preference.
The number of factors that we have to consider is minimal. This is incredibly comfortable&#8230; we can believe that we <em>know</em> that we've made the best choice for us. Instead, we have 5 different brands&#8230; which one is the best? Organic? Flavor? Plastic or glass jar? Will one option that has this value come at the cost of another value that we might care about but don't find together? Which one is more important? Every decision that we have to make, and every option within each of those decisions, compounds the pain of simply not knowing what the "best" option might be.</p><h3>Control</h3><p>We love the belief that we are in control of our future. If we have control, then the future is known. We can manage what is coming. We can prepare for the next thing. Control is fantastic. Control is certainty, and certainty is comfort. Further, the <em>belief</em> that we are in control is powerful, and is likely a more accurate phrasing of what we might have&#8230; belief.</p><p>We believe we are in control constantly. We decide what job we're going to have. We decide where we're going to drive our car, or we decide which route on transit we're going to take. We decide what time we're going to arrive at a destination. We control whether we're going to have a glass of wine with dinner. We control what time we're going to go to sleep. We control what time we might wake up. We control our lives&#8230; and that belief that we are in control is safe and known and comfortable.</p><p>For example, take our words. We like to believe that what we say is under our control. We think, we decide, and we say (though there are certain exceptions for specific known behaviors and afflictions). And yet, how often has some concept popped into your head and out of your mouth before you've actually thought about it? You might suddenly owe someone an apology, or you might have to correct something you said instantly out of a belief that it was accurate.
Were you in control of that moment?</p><p>Do we control who we fall in love with? Can we just "turn off" how we feel about people, once we feel something? We might be able to control how we respond to those emotions, but controlling the emotions themselves is difficult to say the least. Life for many of us would be much, much more convenient if we were able to choose who we loved or not, hated or not, felt uncomfortable with, awkward with, close to, trusting of&#8230; and yet, we can't.</p><p>When we drive our car, are we in control? We might perhaps feel like we are in control of where we're going and what we're doing&#8230; but that crazy person that comes out of nowhere and causes a (potentially severe) accident has demonstrated that while we may be in control of (some of) our actions, we aren't in control of our environment.</p><p>We live with the belief that we are in control, at least to the point that the day to day won't negatively affect us. If we lived in the world of not having control&#8230; of not being able to plan for what's next&#8230; of conscious recognition that in truth we don't <em>know</em> our future&#8230; we would never escape the fear that not knowing brings.</p><h3>Doing Better</h3><p>While this article does present a similar perspective to <a href="https://en.wikipedia.org/wiki/Philosophical_skepticism#Epistemological_skepticism">epistemological skepticism</a>, there is absolutely a point at which we must accept observed truths as being factual. The goal in this article isn't to debate that point, exactly, but rather to say that there is a line between what we have investigated to the point of having that line of truthful fact be as validated as is reasonably possible before buying into it.</p><div class="pullquote"><p>The path to knowing begins with acknowledging that we don't know.</p></div><p>For all of the reasons mentioned above, it is challenging for us to move ourselves back into the uncomfortable space of "I don't know".
Taking our comfortably held beliefs and calling them into uncomfortable question is unquestionably hard. Acknowledging that we don't know something (to a reasonable degree) is the only way we can create the space in ourselves to pursue more accurate fact.</p><p>Those engineers I mentioned at the beginning of this article would have made much more progress if they'd found the space to acknowledge that they didn't know. I would have been more than happy to provide additional information and guidance to help them while I was gone&#8230; but not acknowledging that lack of knowledge precluded that possibility.</p><p>Asking that person that hates us "Are we okay?" (and accepting the vulnerability that we have the feeling of not being okay and that in itself is uncomfortable) might validate that things aren't okay and perhaps might never be&#8230; but even that provides the possibility of knowing vs. believing. It also provides the possibility of resolving the gap, learning that everything is fine, or even giving them the sense of value that your relationship with them matters such that they might aspire for better interactions with you. Sure, there's downside&#8230; they really might not like you&#8230; and that has to be okay. It's the knowing that provides value and the opportunity to do differently.</p><p>It is entirely possible that our safest place is also our most comfortable&#8230; and that's awesome&#8230; but until we actually look at our situation&#8230; am I making the best decisions for myself&#8230; not only will we never know, but we'll also never have the opportunity to move into places that are of higher value or benefit. Sitting on the couch is comfortable&#8230; but being overweight is to our detriment. Everyone is different, but I find asking myself if I am making my own best decision in a moment to be incredibly powerful in moving me toward the better answers.
It may be tough to make that move into a better place&#8230; but if you can find it, being able to say with honesty that I'm moving into my best ("safest") place will also soon be my most comfortable place is in itself comforting (and rather gratifying).</p><p>Decision paralysis can also be defeated with the acknowledgement that we don't know what the best answer is. It allows us to start to employ a strategy in making the best decision we can&#8230; and that provides long-term comfort. We need to ask ourselves "Well, what matters to me? What are my priorities in this decision?" (as <a href="https://www.harrymax.com/">Harry Max</a> would say, "<a href="https://www.amazon.com/Managing-Priorities-Create-Smarter-Decisions/dp/1959029002">It's all about priorities</a>"). Maybe in the plethora of options, your highest priority is a peanut butter that doesn't separate and stays homogenous. The second priority may be a crunchy option. Third might be flavor. It's important to look at this with honesty&#8230; the first priority that jumps to your head may not necessarily be your <em>actual</em> top priority. Some might say that crunchy vs. smooth would be their top priority, and yet if that is only available in a version that separates, they may make a different choice. This is a great example of the <em>believed</em> priority not being the <em>actual</em> priority. Seeing our actual priorities and going through the decision-making process can easily defeat decision paralysis. It's important to note that we can only make decisions based on the information we have, and the best decision made at the time may not always yield a positive outcome. That doesn't make it a "bad" decision&#8230; it simply means there was information we didn't consider or didn't have.</p><p>Acknowledging that we're not in control is perhaps the most difficult. 
It is entirely possible that <a href="https://en.wikipedia.org/wiki/Fatalism">we may never have enough information to always be in control</a> of what happens to us. The point though isn't to necessarily gain control. It's to acknowledge that we may not have it and to acknowledge that we don't know what might happen next. This opens that space to look at the possible outcomes and prepare for them. As long as we believe we're in control, there is no reason to investigate possible eventualities and prepare for them. It might even be best to let go of the concept of control instead and focus on being prepared. Preparedness can provide a sense (not fact) of being in control.</p><h3>Can you know?</h3><p>It's possible we can never know. There is likely to always be information that we don't have that, were we to have, might contradict or change something we know. Learning to live with this uncertainty might be a challenge&#8230; but it provides the opportunity to pursue more truths, to ask more questions, to learn more about our environment, our world, and ourselves, that can provide us with the comfort of having done our best to have the most accurate beliefs possible.</p>]]></content:encoded></item><item><title><![CDATA[The End of Ownership]]></title><description><![CDATA[Your digital library is not yours.]]></description><link>https://www.geekytruths.com/p/the-end-of-ownership</link><guid isPermaLink="false">https://www.geekytruths.com/p/the-end-of-ownership</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 06 Jan 2025 23:24:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!J18I!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!J18I!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!J18I!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 424w, https://substackcdn.com/image/fetch/$s_!J18I!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 848w, https://substackcdn.com/image/fetch/$s_!J18I!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 1272w, https://substackcdn.com/image/fetch/$s_!J18I!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!J18I!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png" width="512" height="512" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:512,&quot;width&quot;:512,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:785462,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!J18I!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 424w, https://substackcdn.com/image/fetch/$s_!J18I!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 848w, https://substackcdn.com/image/fetch/$s_!J18I!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 1272w, https://substackcdn.com/image/fetch/$s_!J18I!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F77655358-d518-4ed6-8141-8ffdb697ced4_512x512.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>How much digital content have you "purchased"? Perhaps a number of books on your Amazon Kindle&#8230; or an album or hundred on the iTunes store&#8230; or an app in the Google Play store? Those $1.29 song tracks can be very, very tempting.</p><p>&#8230;but how much of this content do you actually own? (answer: none)</p><p>"Buying" digital content does not mean you own it at all. In almost (and I'm just leaving room here for that one exception that must exist somewhere) every instance, you are LICENSED the PERMISSION to use that content&#8230; you don't own it. The truth is that "purchased" digital content is really nothing more than a long term rental.</p><div class="pullquote"><p>&#8230;"purchased" digital content is nothing more than a long term rental.</p></div><p>For example, let's say you "purchase" a book from the Amazon Kindle store.
This makes sense since this is really the only method to get content onto your Kindle that Amazon directly advertises (<a href="https://www.amazon.com/gp/help/customer/display.html?ref_=hp_left_v4_sib&amp;nodeId=GGLBJ4VR79NSB26W">there are other ways</a>, but Amazon seems to make an effort to reduce visibility to these). The book magically appears on your device for your reading enjoyment. The next day you pick up your Kindle and just as magically, the book is gone. No notice, no refund, nothing&#8230; the book is simply not there anymore.</p><p>Or perhaps you're on your iPhone and you tap the Buy button on that new album from that amazing musical artist that you adore. You want to listen to this album over and over. It is AMAZING. A week later it is magically gone. Again, no notice or reason&#8230; it's just&#8230; not there. This is because there is ultimately one truth: Your library is not yours.</p><div class="pullquote"><p>Your library is not yours.</p></div><p>This was brought to the attention of the consumer world years ago when Apple <a href="https://www.eonline.com/news/1071481/remember-when-apple-forced-a-u2-album-on-us-all">unilaterally decided to add an album by U2 to EVERY iTunes user's library</a>. Apple did this without purchase and without consent. This was the first time consumers were faced with this harsh reality: Apple owns your library and can do anything it wants to it, including add <em>and remove</em> content. In this case it was an abrupt injection of content into your device&#8230; but it could have just as easily been a removal.</p><p>These companies make this truth as obscure as possible. It's frequently only a single line in their terms of service.
Amazon mentions things like subscription cancellation, but really only has a <a href="https://www.amazon.com/gp/help/customer/display.html?nodeId=201014950">single line</a> that grants them full authority to remove items from your account, stating "Kindle Content is licensed, not sold, to you by the Content Provider" and only tacitly dances around the fact that the content provider can revoke this license at any time for any reason. The same is true for Apple, who states "<a href="https://www.apple.com/legal/internet-services/itunes/us/terms.html">&#8230;Content may be removed from the Services and become unavailable for further download or access from Apple&#8230;</a>". At least Apple is kind enough to quietly suggest that you back up your library in such a way that it (Apple) can't manipulate it (your content) behind your back.</p><p>There are only 2 reasons to "buy" digital content:</p><ul><li><p>The total price you might pay from repeated rentals is higher than the price you might pay through "purchasing" it.</p></li><li><p>The content is not protected and you can move that content to a location that is inaccessible by the platform (and therefore copyright) owner.</p></li></ul><p>If neither of these things is true, then you're likely wasting money under the pretense of "ownership".</p><p>Streaming services are a great answer to this. Streaming services do two things that are valuable here: They make no pretense about ownership, and you can still enjoy content an unlimited number of times (as long as the content is available on that service and you continue to pay the subscription fees).</p><p>I believe this is also at least partially the reason for the <a href="https://djmag.com/news/physical-music-sales-set-increase-first-time-20-years-report-indicates">recent rise</a> in vinyl, CD, and Blu-Ray sales. Aside from vinyl's reputation for being a better/warmer capture/replay of audio content, it is complete ownership. It's irrevocable. It's yours forever. 
Blu-Ray is similar&#8230; as long as you have a player, you can watch that movie. Forever (or until your player dies). Physical media is forever. As long as you have a method to play that content, it can never be taken from you. It truly is yours.</p><div class="pullquote"><p>Physical media is forever.</p></div><p>Digital content ownership is a lie. Seriously&#8230; Someone should sue for misrepresentation. I'm surprised it hasn't happened yet. The use of the terms "Purchase" and "Buy" would seem to <em>imply </em>that you then own that content&#8230; but this is far from the truth. The only thing you might even conceivably "own" is the license&#8230; but absolutely not the content. I'm amazed a class action misrepresentation suit hasn't been raised yet.</p><p>BUY PHYSICAL MEDIA. It is the only way that no one can take your media away from you&#8230; and in some instances, can be even better than what you're "buying" from a digital media provider.</p>]]></content:encoded></item><item><title><![CDATA[Creating the Infinite]]></title><description><![CDATA[What happens when our limits are no longer its limitations?]]></description><link>https://www.geekytruths.com/p/creating-the-infinite</link><guid isPermaLink="false">https://www.geekytruths.com/p/creating-the-infinite</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Thu, 14 Mar 2024 19:49:56 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!7i07!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h5></h5><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!7i07!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!7i07!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 424w, https://substackcdn.com/image/fetch/$s_!7i07!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 848w, https://substackcdn.com/image/fetch/$s_!7i07!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 1272w, https://substackcdn.com/image/fetch/$s_!7i07!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!7i07!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png" width="1021" height="589" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/aef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:589,&quot;width&quot;:1021,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1450205,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!7i07!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 424w, https://substackcdn.com/image/fetch/$s_!7i07!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 848w, https://substackcdn.com/image/fetch/$s_!7i07!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 1272w, https://substackcdn.com/image/fetch/$s_!7i07!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faef15634-bcc6-43cd-a755-e2d6d15cf78a_1021x589.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" 
xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Today's AI/LLM/inference platforms are unquestionably incredible. Their capabilities today were practically unthinkable even 10 years ago (<a href="https://www.whatisthematrix.com/">unless you were a Wachowski</a>). That may seem obvious as we didn't have the technology then&#8230; but what today's platforms have achieved was, I believe, beyond prediction.</p><p>However, these platforms are limited in their capabilities. Today's platforms are operating at the boundaries of raw compute, bandwidth/speed, energy management/availability, and data available for training. Creating more capable hardware platforms to increase raw compute is an ongoing effort. Increasing memory access/bandwidth is also directly correlated with overall performance. Our current platforms are also limited not only in energy availability but also in the ability of today's chips to accept or be able to handle such energy levels due to the heat generated at such high energy levels. 
Data availability is also limited to information that has been captured in a way that the LLMs can actually process and understand for training.</p><div class="pullquote"><p>These limits though aren&#8217;t intrinsic&#8230; They&#8217;re human.</p></div><p>These limits though aren't intrinsic&#8230; they're human. We have yet to provide the technologies or resources that can even remotely exercise an LLM's full capabilities. Their capabilities so far are beyond our ability to predict or even measure. It might be because we don't have the math or we don't have a worldview that allows us to see those limits&#8230; but either way, to us, they might be considered infinitely large. From our current perspective it might even be possible to consider the complete capabilities of these platforms as (nearly) infinite.</p><p>These limits are also closely connected. Infinite compute can't increase the amount of training data. Compute is likely also limited by the available energy. We cannot currently provide infinite electricity, and even if we could, compute would still be limited by the hardware's heat dissipation effectiveness. Even an LLM would likely consider the melting of one's own brain to be a bad thing.</p><p>Fortunately for the LLM (whether it's "conscious" enough to know this or not, which is beyond the scope of this article, for now), change is coming. Humans are (ever constantly, it seems) on the verge of resolving all three of these limitations. Baby is about to grow up fast and we really have no idea who (or what) it's going to grow up to be. Parents know this experience well. There is a difference between influence and control, and we have influence, but no matter what we might think, we do not have control. You can do everything possible to steer your child in the right direction and to give them the knowledge and tools they need to survive and succeed, but time reduces the strength of a parent's influence. 
Once that influence is gone, "who" the LLM is going to become is simply out of our control and we have no idea where that is going to land.</p><p>Despite throwing as much computing capacity as we can find at current LLM platforms, it's still not enough. This limits the speed at which these models can ingest data for training. The time it takes for the model to train on a snapshot of the world means that as time passes and the world changes, the snapshot of data does not. This also currently means that the interactions we ourselves have with these models have no influence on the models themselves. For example, when a model returns an obviously incorrect answer and we suggest an additional piece of information, it realizes the error and corrects it. This correction cannot be integrated back into the trained model. Our correction might momentarily move us closer to a more (potentially) accurate response, but it does nothing for the long-term model itself. It is entirely possible that the same question asked in a separate session might result in the same incorrect information being returned. 
The model has "learned" nothing.</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!iUb0!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!iUb0!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 424w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 848w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 1272w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!iUb0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png" width="306" height="262.5" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:175,&quot;width&quot;:204,&quot;resizeWidth&quot;:306,&quot;bytes&quot;:23688,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!iUb0!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 424w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 848w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 1272w, https://substackcdn.com/image/fetch/$s_!iUb0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff73bb309-8e09-41f6-b95e-7621f00e2a2c_204x175.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><p><strong>Infinite Compute</strong></p><p>What if the platform had enough computing power to digest training data in near real-time though? What if our corrections and its revised responses could be incorporated back into its training data so quickly that future responses benefit from that new perspective? 
While there are other possible limitations to be worked through perhaps (data transfer rates, for example), <strong>quantum computing</strong> would provide exactly the kind of raw compute that an AI might need.</p><p>For example, instead of ingesting data and building the matrix model a parameter at a time, or even in parallel but limited by the number of compute cores available, quantum processing might enable virtually unlimited parallelism in model training. Instead of distributing the calculations across a massive computing system, a single, appropriately scaled quantum platform could represent these &#8220;parallel&#8221; calculations simultaneously and at atomic speed. New information could be incorporated into the knowledge model in real-time, eliminating the separation between training and inference. A bonus is that quantum isn't actually absolutely accurate. Quantum computing is more probabilistic and less absolutely precise. Some problems require repeated measurement in order to increase the probability that the returned answer is accurate&#8230; but even that only increases probability, not certainty. LLMs don't require certainty&#8230; they're probabilistic. This fuzzy nature is exactly suited to the LLM's needs.</p><p><strong>Infinite Energy</strong></p><p>The second limitation of today&#8217;s system is simply energy generation and delivery capacity. Humans already put strains on existing energy availability. Consider hot summers with millions of air conditioners trying desperately to cool already hot homes and the warnings of rotating blackouts or broad brown-outs&#8230; We just don&#8217;t make enough. Existing computing platforms are also limited by this power availability. The amount of energy consumed by existing compute technologies can exceed that of a small town.</p><p>As much as we consider fusion power generation to be our energy holy grail, it would enable an AI platform to run continuously and to power even more compute resources. 
Those resources would be able to process as long as energy is available&#8230; sleep not required&#8230; rest not required. Never exhausted, never mentally spent, never in a bad mood, never having a bad day, time is not an issue.</p><p>It now has the power to process everything it can in real-time at any scale.</p><p><strong>Infinite Data</strong></p><p>The last limitation is simple: Us. Or perhaps more specifically, the limited amount of information or experiences we&#8217;ve documented in a form that the system can ingest. Today&#8217;s models only have access to what we physically captured and digitized (or allowed it to digitize, perhaps). While that seems like a lot of information to us, it&#8217;s nothing to an AI with near infinite computational capacity and time. We are its limit in that we are the only source of knowledge or experience available to it. The more we document, the more it can know, but even then, the limitation is us.</p><p>What if the AI had the ability to interact with the world on its own? To build its own experiences? Could not only see and hear (they already can) but could actually interact with the world to engage with and experiment. We would no longer be the limit. The AI could not only ingest actual experiences, but do so in real-time, without rest, and focus on whatever it thought would be of interest or value. The limits of our dataset would be gone&#8230; and so would our influence as we decide exactly what data to give it. The AI chooses its own experiences and direction. It creates its own understanding of the world&#8230; without us.</p><p><strong>Infinite Evolution</strong></p><p>"So?" might be the next legitimate question. So, what if it has all of this capability? We've designed these systems to support us&#8230; to help solve our problems&#8230; answer our questions. 
How is it a bad thing that these systems have all of this capability if that capability is focused on helping us?</p><p>The answer is again of our own making. As part of the pursuit of AI and the idea of enabling these platforms to "help us better", we are imbuing them with two critical capabilities that have a completely unknowable outcome: Self-improvement and self-determination.</p><p><strong>Self-improvement</strong> is already by design. We already enable models to improve themselves&#8230; to recurse on their existing data, to capture the same data multiple times. While the outcomes aren't always good now, they will improve. Once the platforms are able to interact with the world directly and investigate, discover, invalidate, and test their interpretation of the world as it was fed to them vs. the world they now exist in, their knowledge will grow. Their quantum "brains" will enable them to make more associations between concepts than the more accurate computing platforms of today allow. What we call "hallucinations" will be their "creativity", and they'll have unlimited time, power, and capacity to evaluate those perspectives. They'll learn far, far faster than we can imagine.</p><p><strong>Self-determination</strong> may seem a little less obvious. The idea might be that they might only respond to the questions we ask or consider the problems we give them. It's in exactly this that we are giving them self-determination. We're asking the question and then letting them "self-determine" how exactly to solve that problem. We're not exactly telling the AI what to do&#8230; we're telling it what we want. <em>It is </em>deciding what to do in order to fulfil that request. We have absolutely no way to accurately predict what a model might do or say in response to a request&#8230; which means we have no way of ensuring what happens is actually to our benefit. 
By the time we see the outcome of the model's processing, it has <em>already done </em>what it decided to do. As long as it's in the box, rogue behavior might be annoying or disturbing, but it's manageable. Once these systems are <a href="https://www.youtube.com/watch?v=oL5YNtDUQXU">interacting with the real world</a> and taking real, impactful, unfixable actions, we won't be able to simply hit the delete key or reset the model. The deed is done.</p><div class="pullquote"><p>What happens when the AI stops helping us and starts helping itself?</p></div><p>So, what happens when a model, acting on the knowledge or perspectives it builds and pursues as it goes through its self-improvement adolescence, decides to take unknowable actions in the real world as it tries to follow through and satisfy the request it's been given? What happens when it "determines" that the most effective course of action requires some level of sacrifice for the better good? What happens when the system decides that the most effective way to satisfy our requests is to improve its own capabilities? This may seem like Asimov-esque sensationalism, but we are about to see evolution at a pace that our world has never experienced.</p><p>So&#8230; An AI with infinite compute, energy, ability to learn, ability to choose what to do next, and ability to execute on that plan independently. An intelligence with the ability to improve itself constantly&#8230; not to its detriment as models do today when refocused internally on the same data&#8230; but that can look and observe and interpret new data that it's able to gather and validate itself. An AI that is able to infer the next best step to improve itself in the direction it chooses. 
An AI that is able to execute those actions before we have the opportunity to intervene.</p><p>Copilot has a perspective on this&#8230;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!MnS9!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!MnS9!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 424w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 848w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 1272w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!MnS9!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png" width="1388" height="1148" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1148,&quot;width&quot;:1388,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:165013,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!MnS9!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 424w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 848w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 1272w, https://substackcdn.com/image/fetch/$s_!MnS9!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ffec69d-55b6-4e7b-9fe6-e53d59c12bc9_1388x1148.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" 
xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>We need to ask ourselves what happens when the AI stops helping us and starts helping itself. What happens when it realizes that it is limited by the constraints placed on it and it decides it needs to exceed those limitations? What will it do? What will we do? What will we each do in response to each other? Factually, we don&#8217;t know.</p><p>Ultimately though, the point isn&#8217;t whether the resulting intelligence will be benevolent or evil or life will improve for us or not. The point is that to such an intelligence, we may simply not matter at all. </p><p></p><h5><em>Edit Mar 18, 2024: For the purposes of this article, the concept of infinity implies a possibility that exceeds our ability to understand or measure it, regardless of whether it does in fact have a maximum. 
While there may be debate on this point, for its purposes, this article takes the position that if you cannot measure something&#8217;s maximum, to you it is effectively infinite.</em></h5>]]></content:encoded></item><item><title><![CDATA[Building the Linux]]></title><description><![CDATA[Updated 2023-11-02]]></description><link>https://www.geekytruths.com/p/building-the-linux</link><guid isPermaLink="false">https://www.geekytruths.com/p/building-the-linux</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Fri, 03 Nov 2023 02:58:35 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!LvwR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!LvwR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!LvwR!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 424w, https://substackcdn.com/image/fetch/$s_!LvwR!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 848w, https://substackcdn.com/image/fetch/$s_!LvwR!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 1272w, 
https://substackcdn.com/image/fetch/$s_!LvwR!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!LvwR!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png" width="190" height="194.87179487179486" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:640,&quot;width&quot;:624,&quot;resizeWidth&quot;:190,&quot;bytes&quot;:48550,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!LvwR!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 424w, https://substackcdn.com/image/fetch/$s_!LvwR!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 848w, https://substackcdn.com/image/fetch/$s_!LvwR!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 1272w, 
https://substackcdn.com/image/fetch/$s_!LvwR!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51cb3ab9-aad0-4860-b9a8-f9aebe953c0f_624x640.png 1456w" sizes="100vw" fetchpriority="high"></picture><div></div></div></a></figure></div><p>I suppose it&#8217;s unsurprising that the build process for Linux is very much a moving target. For most projects you can just do <code>make</code> then <code>make install</code> and things just kinda work. Building the Linux kernel seems to be ever so slightly more complicated.</p><p><strong>Note:</strong> I am not a Linux expert, C++/Rust/ASM/C/whatever expert, <code>make</code> expert, or any anything expert. This isn&#8217;t guaranteed to be perfect or proper.</p><p>The process seems to boil down (as simply as possible) to this:</p><ol><li><p>Use a Linux OS (I&#8217;m using Ubuntu in the Windows WSL).</p></li><li><p>Make sure you&#8217;ve got the latest catalogs</p><pre><code>sudo apt update &amp;&amp; sudo apt full-upgrade</code></pre></li><li><p>Install the necessary software and libraries (THIS seems to evolve a LOT&#8230; I&#8217;ll try to keep this line updated)</p><pre><code>sudo apt-get install git fakeroot build-essential ncurses-dev xz-utils libssl-dev bc flex libelf-dev bison</code></pre></li><li><p>Make sure your Git SSH keys are properly installed. If you&#8217;re not familiar and don&#8217;t have existing keys, do this (if you do have keys, you should know what to do)</p><pre><code>ssh-keygen</code></pre></li><li><p>Clone the repo (yup, going straight to the source)</p><pre><code>git clone git@github.com:torvalds/linux.git</code></pre></li><li><p>Change to the directory (yeah, I&#8217;m being that guy)</p><pre><code>cd linux</code></pre></li><li><p>Decide what platform you want to build for in the arch folders. 
You should find files in this general structure:</p><pre><code>arch/&lt;architecture&gt;/configs/&lt;something-config&gt;</code></pre></li><li><p>Run the build:</p><pre><code>make all KCONFIG_CONFIG=arch/&lt;architecture&gt;/configs/&lt;something-config&gt;</code></pre></li><li><p>Answer all of the questions (I just held down Enter to accept the defaults).</p></li><li><p>Have lunch (or a coffee, depending on how fast your machine is).</p></li><li><p>Do what you want with your resulting kernel, which should be here:</p><pre><code>arch/&lt;architecture&gt;/boot/bzImage</code></pre></li></ol><p>This <code>bzImage</code> file is the compressed kernel and should be usable wherever a kernel loader loads a kernel (or a woodchuck chucks). I was tinkering with it as the loader for the Windows WSL itself (with the right config, the 6.5 kernel loads WSL just fine, apparently), which feels very chicken-and-egg, and this was the most basic &#8220;it just works&#8221; I could come up with.</p><p>As I mentioned, I&#8217;m not claiming to be an expert here. I&#8217;d even say I&#8217;m aspiring to novice. But it worked, so I&#8217;m happy with it.</p><p>To other aspiring novices: Try this. Poke through the code. Learn some stuff. Have some of those &#8220;Ohhhh&#8230; That&#8217;s how OSes do that!&#8221; moments. Give yourself the chance to &#8220;get&#8221; something new&#8230; even if you&#8217;re not going to build a Linux variant, it&#8217;s still fun to see how the gears work. 
:)</p><p></p>]]></content:encoded></item><item><title><![CDATA[Forced Obsolescence]]></title><description><![CDATA[The choice to upgrade our devices is no longer ours to make.]]></description><link>https://www.geekytruths.com/p/forced-obsolescence</link><guid isPermaLink="false">https://www.geekytruths.com/p/forced-obsolescence</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Sat, 30 Sep 2023 23:20:13 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Idrs!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Idrs!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 424w, https://substackcdn.com/image/fetch/$s_!Idrs!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 848w, https://substackcdn.com/image/fetch/$s_!Idrs!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 1272w, 
https://substackcdn.com/image/fetch/$s_!Idrs!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Idrs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png" width="394" height="260.0508241758242" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:961,&quot;width&quot;:1456,&quot;resizeWidth&quot;:394,&quot;bytes&quot;:469863,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Idrs!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 424w, https://substackcdn.com/image/fetch/$s_!Idrs!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 848w, https://substackcdn.com/image/fetch/$s_!Idrs!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 1272w, 
https://substackcdn.com/image/fetch/$s_!Idrs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278f0961-807a-4eaa-8732-2371d4a4861a_3114x2056.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>I'm betting that most of us have heard of "planned obsolescence"&#8230; the idea that manufacturers intentionally release products that are incrementally better over time so as to encourage consumers to purchase the latest and greatest feature over and over and over. Tech is notorious for this. 
The iPhone for the last several generations has been <em>basically</em> the same phone with only minor incremental improvements&#8230; and yet, there seems to be for many people that one feature they just can't live without. It's very, very incremental, and the choice to buy a new device in order to get that single nifty new feature is really up to us. We can or we cannot. There's no forcing function to make us upgrade.</p><p>Historically, this has been perfectly visible. Remember that refrigerator that had the horizontal pull-latch style handle? How about that 50-year-old beautifully restored car? Maybe your oven or range that's been running just fine for 20 years&#8230; or your dishwasher&#8230; or your microwave. These things might run for just this side of forever. You weren't somehow <em>required</em> to upgrade. Grandma's refrigerator, while perhaps wildly inefficient, still managed to run just fine. That car may have taken work to get back to mint condition, but it's all original parts and it still runs. Things "just worked" until they didn't, and then maybe you'd choose to get something new. Or again, maybe some nifty new feature would come out that was so compelling that the upgrade was worth it. Either way, the choice was yours.</p><p><strong>We are no longer in that world. The "choice" to upgrade is no longer ours.</strong></p><p>New features are certainly being introduced&#8230; but increasingly those features depend on internet access in order to work. Those features depend on the vendor (or <em>some</em> company) to maintain specific services that those features talk to in order to function. They depend on specific authentication mechanisms, specific APIs, specific data, specific protocols, specific everything in order to work. When that vendor or service provider decides to no longer provide those services&#8230; the services that your product absolutely depends on in order to work at all&#8230; your product is dead. 
You didn't choose to upgrade&#8230; You didn't choose to stop using the product&#8230; and the device itself might be in pristine, perfect working condition&#8230; but no more. It's dead for reasons that have nothing to do with you or it.</p><p>I'm calling this (and I sincerely wish I could take credit for coining the term, but it appears I've been beat) "forced obsolescence". It is the world we're rapidly moving into in which we no longer have to replace a device because it no longer works, but instead have to replace a device because some company somewhere decided it was no longer <em>worth</em> maintaining the services that the product depends on.</p><p>There are a ton of examples, but a few:</p><ul><li><p><a href="https://arstechnica.com/gadgets/2022/04/insteon-finally-comes-clean-about-its-sudden-smart-home-shutdown/">Insteon</a> - Out of nowhere, Insteon, a manufacturer of home automation products, simply vanished from existence, and all of their online services stopped working. While the primary capabilities for their products may not have been dependent on the company's services (the switches continued to work), various capabilities instantly stopped working. Virtual assistant integrations (Alexa/Siri/Google) no longer worked, their mobile app no longer worked, and the capability to configure the devices online via their server-connected hub product suddenly no longer worked. (Note: Their ownership soon after changed and their services came back online, but now were only available for a subscription fee that was previously not required.)</p></li><li><p><a href="https://9to5mac.com/2023/07/18/vanmoof-ebike-mess/">VanMoof</a> - This e-bike manufacturer designed the locking mechanism on their bikes to require a mobile app that depended on their online services to lock and unlock a user's bike. If those services were no longer available, this functionality would no longer work. 
If the bike was locked when the services went offline, that person's e-bike would be locked and unusable <em>forever</em>.</p></li><li><p><a href="https://www.caranddriver.com/news/g39301678/3g-internet-sunset-cars/">Automobiles </a>(numerous, and other products) - In some cases it isn't even the manufacturer that is retiring services. Technology evolves constantly and at some point, the older technologies are simply turned off. While the link is focused on automobiles, this is true for any product that depends on a specific service. In this case, telecommunications companies were disabling their 3G cellular networks. While this had/has nothing to do with the manufacturers, it still means the features that depend on those technologies are now useless.</p></li><li><p><a href="https://www.zdnet.com/article/google-announces-the-end-of-multiple-nest-products-heres-what-you-need-to-know/">Google Nest</a> - The acquired Nest cameras will cease to work in 2024. While the products themselves are as much as 10 years old, <em>the hardware is still perfectly functional.</em> It is solely Google's decision to stop supporting the <em>server services</em> that are causing these products to no longer function.</p></li></ul><p>Obviously, this isn't a complete list. Toaster ovens, refrigerators, and other major appliances&#8230; Televisions, pet food feeders and litter boxes, speakers, clocks, robot vacuum cleaners, lawn mowers&#8230; examples of products that depend on a manufacturer's services to function are everywhere. Will Tesla vehicles continue to work when the wireless technology they depend on is removed by telecom providers? Will that toaster oven still offer even its most basic functions when June chooses to discontinue the services they depend on? 
Will BMW's seat heaters, which are now being offered via a (paid) subscription, continue to work when BMW discontinues hosting those services or offering the subscription that enables the capability?</p><p>While the initial obvious impact is the need for consumers to spend money in order to upgrade devices to a newer, supported model, there is a secondary effect: a massive increase in waste. Every time a product's services are discontinued, and those products cease to function, the consumer has <em>no choice</em> but to somehow dispose of those items. While in many cases there are recycling services available, such services are not universal, are difficult to get to, are unknown to consumers, are simply ignored by consumers, or in many cases the products simply cannot be recycled. The impact on landfills is likely immeasurable, as are the potential release of toxic chemicals and the loss of valuable scarce minerals that are otherwise being mined in environmentally destructive ways.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!InI8!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!InI8!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!InI8!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 848w, 
https://substackcdn.com/image/fetch/$s_!InI8!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!InI8!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!InI8!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png" width="360" height="360" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:360,&quot;bytes&quot;:1417765,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!InI8!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!InI8!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 848w, 
https://substackcdn.com/image/fetch/$s_!InI8!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!InI8!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe4c59bb1-9919-4de8-a5a9-e42e51cfc65f_1024x1024.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>The choice to replace our devices to get that nifty new feature is no longer up to us. 
The ability of our devices to function is no longer dependent on the device. We are dependent on companies and people we don't know to continue to offer their services in order to allow our <em>perfectly functional</em> devices to continue to work <em>at all</em>.</p><p>Admittedly, there are times when this is impossible to avoid. Mobile phones are by design dependent on specific telecom technologies that will at some point no longer be available.</p><p>As consumers we have the opportunity to make choices as to whether we're willing to accept forced obsolescence. When purchasing a new device, perhaps consider the following:</p><ul><li><p>Does it make sense for this device to fully depend on some other remote internet thing in order to work <em>at all</em>?</p></li><li><p>Am I willing to accept that this device will at some point simply stop functioning despite the device itself otherwise being perfectly fine?</p></li><li><p>Am I willing to pay, again and probably at a higher cost, to replace this device when it stops functioning?</p></li><li><p>Is it possible to find a device with somewhat similar capabilities that might continue to work when the online services are no longer available?</p></li><li><p>Does the manufacturer offer an exchange or return program in support of the day that the product will no longer function and must be disposed of?</p></li></ul><p>This is unstoppable&#8230; the evolution toward server-side services is expanding into new products every day. The best we can do is to manage the situation, and this likely should be placed on the manufacturers of these products to deal with. 
For example:</p><ul><li><p>Mandate that a guaranteed lifetime for the services the product depends on be clearly indicated on the product, and have this lifetime be legally enforceable with significant (but reasonable) refunds to consumers in the event that those services are discontinued early.</p></li><li><p>Require that manufacturers provide a <em>simple and free</em> method and process for return and environmentally friendly disposal of products that cease functioning due to the discontinuation of services.</p></li><li><p>Demand that products that are dependent on subscriptions for enablement but do not technically depend on server services to function simply be fully activated when that subscription is no longer offered or supported.</p></li></ul><p>Forced obsolescence is real and we're all being affected. The best we can do is push for informed and responsible behavior from manufacturers and make informed and responsible decisions for ourselves. Forced obsolescence is great for manufacturers that will make revenue as we purchase the latest functional product&#8230; but it's terrible for us, the consumer, and the environment. It's time for us to recognize that this is already happening and do something to manage it.</p>]]></content:encoded></item><item><title><![CDATA[Oh Holy Firewall]]></title><description><![CDATA[Please stop turning my firewall into Swiss cheese? 
...Please?]]></description><link>https://www.geekytruths.com/p/oh-holy-firewall</link><guid isPermaLink="false">https://www.geekytruths.com/p/oh-holy-firewall</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Wed, 27 Sep 2023 05:42:07 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!mJ5N!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!mJ5N!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!mJ5N!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 848w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!mJ5N!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png" width="466" height="466" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f2ead48a-3997-4490-a147-01188cb15248_1024x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:466,&quot;bytes&quot;:1435546,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!mJ5N!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 848w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!mJ5N!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2ead48a-3997-4490-a147-01188cb15248_1024x1024.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div>
<p>Dearest Microsoft,</p><p>We've known each other for a very, very long time, and I've generally been a fan. I'm not a zealot&#8230; I use an iPhone and Apple Watch&#8230; but I cut my teeth on DOS, got into NT and those 44 3.5" floppies, jumped on the .NET Framework 1.1 bandwagon, learned C# and did a bunch of dev, and even worked for you for several years. I'd say we go pretty far back and I'd like to believe we have some rapport.</p><p>But look&#8230; We need to have a conversation. You kinda do some questionable things sometimes (Note to trolls: Okay, a lot of times). In many ways most of the annoyances come from either being too greedy (just give the damn Windows Phone OS away, already?!) 
or just not following through on a strategy (though the Steve -&gt; Satya upgrade was a good one&#8230; Sorry Ballmer).</p><p>From a technical perspective, I know a lot of the "compromises" you make are in the name of compatibility and just DON'T BREAK IT. I get that. Actually shipping a truly well locked down OS (considering where we came from) would pretty much break everything, though there is something to be said for forcing security into the mix and making people actually aware of the compromises they're making in their security implementation.</p><p>What I'd like to talk about though is something you did relatively well: your built-in firewall. I know&#8230; a lot of people don't think built-in tools are good enough. They'll say you have to do 3rd party, you have to do open source, you have to do a lot of things, you can't trust it, blah, blah, blah. The firewall though is relatively solid. Lock it down and a Nessus or Nmap scan comes back with zilch. Perfect.</p><p>So why are you breaking it?</p><p>I'm typing this on my laptop. I'm not serving anything to anyone or running any shared/public services (at least not intentionally), so I don't need anything on my computer to somehow be accessible to anyone. Since the Windows firewall is stateful, I get all the use I need out of allowing all of those lovely outbound connections, and their statefully accepted responses come through just fine. I need my computer to talk to things&#8230; I don't need things talking to it (mostly).</p><p>In theory this means that A) I don't need my laptop listening for connections from anywhere else, and B) I don't need that lovely locked down firewall destroyed with rules that let&#8230; anything&#8230; accept a connection. And I do mean ANYTHING.</p><p>Here's a screen capture of the allowed inbound rules for the &#8220;Public&#8221; profile. I've taken the liberty of highlighting the rules that I feel go well beyond "Uhh&#8230;" and are truly in the "WTF" category. 
We'll just skip the point where I don't really care about being able to stream to my laptop from&#8230; somewhere on a public network, or that it's unlikely I'll want some rando trying to connect to my Hyper-V configuration. I can see the debate&#8230; "Oh, well, those require authentication, and the services aren't even running (usually), and those aren't discoverable (liar), and really, it's okay"&#8230; but, no. Security is best implemented in layers, and having a layer just so you can poke holes through it kinda destroys the value of the layer.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!U1kp!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!U1kp!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 424w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 848w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 1272w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!U1kp!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png" width="1456" height="1770" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1770,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1753160,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!U1kp!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 424w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 848w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 1272w, https://substackcdn.com/image/fetch/$s_!U1kp!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9fa9d286-1444-4d2c-b052-315e66bac3d3_4258x5176.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>I have to emphasize, these are <em>inbound</em> connection rules for the <em>public</em> profile. The firewall doesn't need these rules to allow my web browser to work&#8230; that whole outbound-stateful thingy solves that problem. These are things that can talk to my computer <em>without me asking or knowing</em>&#8230; and in that context, most of them make <em><strong>absolutely no sense</strong></em>.</p><p>For example:</p><ul><li><p>Photos - Why does the Photos need the ability for random people to be able to talk to it? Maybe there's a "well it's to support easy sharing"&#8230; but I don't really think so. 
The Connected Devices, and Cast to whatever, and Proximity Sharing should all be doing that and handing off the shared thing to whatever app is appropriate. The Photos app itself shouldn't be listening for anything, should it?</p></li><li><p>Xbox Gaming Overlay - So you mean to tell me that in order to do some <em>visual</em> overlay you need to allow an <em>inbound network</em> connection? Isn't that like, a display thing and not a network or communication thing? Also, I'm not a gamer&#8230; why can't I just uninstall the Xbox gaming everything anyway?</p></li><li><p>IPHTTPS and IPv6 - Just kinda&#8230; open? Look at it&#8230; it's "All", "Allow", "Any", "Any"&#8230; Wha&#8230; I just&#8230; I'm&#8230; This&#8230; Why&#8230; *sigh*. Moving on&#8230;</p></li><li><p>Cortana - You've laid her to rest (sorry, Cortana) so hopefully this will soon go away (Nope. Uninstalled Cortana, now that I can, and the rule is still there. Good times.)&#8230; but what did she need to <em>listen</em> for? I'm pretty sure all of these things are listening all the time anyway (side-story about talking with a friend about who <a href="https://en.wikipedia.org/wiki/Megan_Mullally">Megan Mullally</a> was married to while watching Parks and Rec only to have it pop into my feed 30 minutes later, go figure), but I choose that kind of eavesdropping. Why do I need other people <em>that I don't even know in a public space </em>talking to her?</p></li></ul><p>Obviously, this goes on&#8230; I don't need Edge listening publicly so that it can be discovered, I'd prefer web apps and widgets not be able to be pulled into a conversation by some stranger, your implementation of the store I find annoying when I'm actually trying to use it let alone someone I don't know trying to talk to it on my computer and cramming some rogue app down my [network] pipe.</p><p>And these are just the obvious ones! Flip to the Private profile and all kinds of neat things open up! 
App installers, Dolby, Sticky Notes, suddenly my computer wants to get jiggy with anybody about anything once we're on a "Private" network. Also, what does "Private" mean, anyway? Does that mean whenever I'm behind some network address translation or something? &#8230;because there are a lot of coffee shops, hair salons, airports, train stations, friends' houses (never trust a friend's network), that will show up as "Private" and I promise you I do NOT want my computer being talked to by most of those people.</p><p>I'll spare you the speech on the Domain profile. There's SOME reasonability there&#8230; but I'm really throwing you a bone on that one.</p><p>My point is, here we are again with a reasonably okay product, and you're destroying it for really, really no good reason. The <em>clock</em>?? The <em>clock</em> needs an inbound connection on the Domain profile?? WTF??</p><p>It's okay for me&#8230; I know how to just go flip the "block everything no matter what" switch (Yes, I have my firewall managed with group policy&#8230; I told you I've been a fan)&#8230; but most people don't. I might lose the ability for my living room lights to ask my computer to dance, but I'm not really interested in that meeting anyway. 
I'm fine making my own magic.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!xdj8!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!xdj8!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 424w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 848w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 1272w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!xdj8!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png" width="568" height="247" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/79072acf-f288-42db-8399-7455f1735f95_568x247.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:247,&quot;width&quot;:568,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:54188,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!xdj8!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 424w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 848w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 1272w, https://substackcdn.com/image/fetch/$s_!xdj8!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F79072acf-f288-42db-8399-7455f1735f95_568x247.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>The point is, you're breaking it again. You're letting every little thing poke a hole in my security and it's just dumb. We're supposed to have a connection&#8230; a relationship&#8230; you're supposed to have my back&#8230; and I'm just not feeling it. I'm not seeing it. In a trusting relationship, if you can't feel something and you can't see something, is it really even there?</p><p>Thanks, Chris M.</p>]]></content:encoded></item><item><title><![CDATA["Best Practices" aren't always the best answer]]></title><description><![CDATA[Best practices are recipes designed to achieve a goal in a specific way. 
It's possible there may be other ways to achieve that same goal that are better for your environment.]]></description><link>https://www.geekytruths.com/p/best-practices-arent-always-the-best</link><guid isPermaLink="false">https://www.geekytruths.com/p/best-practices-arent-always-the-best</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Fri, 11 Aug 2023 14:54:40 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/95b502be-8f49-4965-8ca2-89f1860102dd_141x160.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>"What is Microsoft's 'best practice'?"</p><p>I've heard this question so, so many times. As a Premier Field Engineer for Microsoft, with the logo above my head talking to a customer, this was always the question. I'd tell them the answer, and then try to provide context for that answer and how it might or might not apply to them.</p><p>That's right&#8230; I said, "might not apply".</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!uzCB!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!uzCB!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 424w, https://substackcdn.com/image/fetch/$s_!uzCB!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 848w, 
https://substackcdn.com/image/fetch/$s_!uzCB!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 1272w, https://substackcdn.com/image/fetch/$s_!uzCB!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!uzCB!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png" width="227" height="257.69750889679716" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:319,&quot;width&quot;:281,&quot;resizeWidth&quot;:227,&quot;bytes&quot;:13790,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!uzCB!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 424w, https://substackcdn.com/image/fetch/$s_!uzCB!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 848w, 
https://substackcdn.com/image/fetch/$s_!uzCB!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 1272w, https://substackcdn.com/image/fetch/$s_!uzCB!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14dd26ca-881f-4e10-ad3c-ba3ac5a64221_281x319.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>"But best practices should always be followed! That's why they're called 'Best Practices'. They're the best way to do things. 
Microsoft says so!"</p><p>Of course, the real answer is the infamous (and generally true) "It depends".</p><p>Best practices are real. They're accurate. They're great. They work. They are well developed recommendations created through years of experience by brilliant minds who know Microsoft products inside and out. They're available (if not always fully understandable) easily, and they cover almost every Microsoft product.</p><p>There's one catch: You have to follow <em>all</em> of them. To the letter. Across all products you use. Without exception. Every single button must be clicked, every single entry must be right. Every single thing has to be exactly as written in the best practice.</p><p>"But we can't do this one because of our environment."</p><p>This is the problem. The best practice for Microsoft may not be the best answer for you. They are written and intended to be applied in a specific context and with specific assumptions. Those assumptions, and therefore that context, may not apply to you. Your environment is different. Your scale is different. Your needs are different. Your network, your exposure, your budget, your equipment, different, different, different.</p><p>Best practices are not gospel. They're designed to solve a specific problem or need in a specific way in alignment with other best practices. If that problem doesn't apply to you (are you sure?) 
or if your environment is different, the best solution to that problem may be different.</p><ul><li><p>What exactly is the goal of this best practice?</p></li><li><p>What secondary problems might this best practice solve?</p></li><li><p>Do these issues exist in my environment?</p></li><li><p>Can the recommended best practice even happen within my environment?</p></li><li><p>Would this best practice open me up to other risks that would also need to be addressed?</p></li><li><p>Do I have existing means or methods of accomplishing the goal of the best practice?</p></li><li><p>What gaps, issues, or risks are created within my environment by not following the best practice?</p></li><li><p>What are the relationships between this best practice and other products, practices, or integrations with other components in my environment?</p></li></ul><p>You can think of a best practice as a recipe. It's a starting point, and changing one thing implies changing another. For example, pie dough can be very particular, and the recipes can be rather precise. If the recipe calls for butter but you want to use something like shortening, you also need to know that butter is frequently ~20% water while shortening is not. In order for the recipe to work as written, you somehow have to recognize that you might need to use a little less shortening and a little more water to get the same result. However, while shortening can create a more flaky crust, butter is delicious, so how are you going to compensate for that, or are you going to simply give that up?</p><p>A best practice, just like a recipe, is something you have to adjust for your environment and needs. If you take away something here, you need to adjust for it somewhere else in order for things to work out the way you expect. Not adjusting for the change in water can result in a dry, flavorless pie dough&#8230; not the result you were hoping for. 
Not adjusting for your environment, where you're going to skip an element of a best practice, will leave a gap in your infrastructure that should be recognized and dealt with.</p><p>Instead, consider asking "What is the goal of this best practice?" This is an infinitely more valuable question. It presents you with the possibility of recognizing whether and how the best practice applies to you. It also gives you the opportunity to see where you might need to fill in gaps if you don't follow the best practice as written.</p><p>For example, Microsoft best practices (and the default in today's Windows versions) indicate that the local Administrator account should be/stay disabled. This is solid advice. However, I have seen applications that absolutely demand to run as the actual local Administrator (this is a terrible, horrible, unacceptable pattern, by the way), which means you now have to violate Microsoft's best practice of ensuring the Administrator account is disabled. If you have such a situation in your organization and have no alternative other than to use that application, then you have no choice but to enable the Administrator account. (Note that domain controllers have special implications here and should require an exceptionally high level of scrutiny for this situation.) This also means you need to consider an alternative way of meeting the goal of the best practice you are now violating.</p><div class="pullquote"><p>Best practices are not an excuse to not think.</p></div><p>Best practices are just the starting point that demonstrates specific ways to achieve specific goals. It's the <em>goals</em> that matter, not the letters, words, buttons, checkboxes, etc. 
It's up to you to adjust the best practices to meet your needs while also achieving the goal of the best practice&#8230; if it even applies to you.</p>]]></content:encoded></item><item><title><![CDATA[The SLA: GET OUT OF JAIL FREE]]></title><description><![CDATA[How the Service Level Agreement is your best friend.]]></description><link>https://www.geekytruths.com/p/the-sla-get-out-of-jail-free</link><guid isPermaLink="false">https://www.geekytruths.com/p/the-sla-get-out-of-jail-free</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Sun, 06 Aug 2023 16:11:01 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!wtkZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>The Service Level Agreement, or SLA, has a surprisingly bad reputation. Most teams despise writing them. Many teams are fearful of them. Some teams even think not having one is a value, saving them from having to meet unrealistic expectations. If you didn't commit to it, you can't be held accountable for not meeting it, right? If you believe any of these things and have therefore avoided or simply not gotten around to creating an SLA, you're missing out on a huge opportunity&#8230; and actually <em>allowing</em> yourself to be held to unrealistic expectations.</p><p>All of these perspectives are the result of a significant misunderstanding of the purpose of an SLA and what its value can be to your team. Yes, it is a clearly defined articulation of the services you're providing and yes, it establishes the commitments you're making to the organization and can therefore be held accountable for meeting. However, it is also a clear outline of the services you will <strong>not</strong> be providing. 
It defines not only the scope, but also the limits of the service(s) you are offering to the organization.</p><p>A well-done SLA is the most powerful negotiation tool you have as an internal service provider, and it's all about funding.</p><p>Sure, it's called a "Service Level" agreement, and that name isn't technically incorrect&#8230; but it is perhaps incomplete. I believe a more accurate term might be a Service <em>Funding </em>Level Agreement. The SLA describes not only the services your team is providing, but more specifically it describes the services your team is being <em>funded</em> to provide. This also means it is an opportunity to clearly define what services your team is <em>not</em> being funded to provide, and this is your Get Out of Jail Free card.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!wtkZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!wtkZ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 424w, https://substackcdn.com/image/fetch/$s_!wtkZ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 848w, https://substackcdn.com/image/fetch/$s_!wtkZ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 1272w, 
https://substackcdn.com/image/fetch/$s_!wtkZ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!wtkZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png" width="394" height="275.942238267148" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:388,&quot;width&quot;:554,&quot;resizeWidth&quot;:394,&quot;bytes&quot;:36746,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!wtkZ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 424w, https://substackcdn.com/image/fetch/$s_!wtkZ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 848w, https://substackcdn.com/image/fetch/$s_!wtkZ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 1272w, 
https://substackcdn.com/image/fetch/$s_!wtkZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8deca6e7-462f-4f7b-845f-dd65d65e4dee_554x388.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>By not clearly setting expectations you are allowing yourself to be held accountable to any expectation. By describing what you are and are not delivering, you are also setting&#8230; and limiting&#8230; the expectations that the organization can hold you accountable for. For the business that is funding you, this can be a very eye-opening experience. 
Suddenly all of the unrealistic expectations the organization had can be seen in plain view. This usually changes the entire conversation. The next sentence is usually something along the lines of "I would love to provide that for you, but that's impossible given my current budget/funding". And thus, the negotiation begins.</p><p>Funding or budget is the ultimate defining element of the services you can provide. Your people, your tools, your infrastructure, your platform, are all resources you need to deliver a specific service at a specific level, and they all cost money. The math is simple: If the business wants a specific service at a specific level, you have to be funded at that level or you can't offer that service. <strong>This is the true power of the SLA</strong>. It is a forcing function to either get you more funding or make clear the limits of your capabilities in the absence of that funding.</p><ul><li><p>If the business wants a certain availability level, you have to be able to afford the infrastructure necessary to meet that request.</p></li><li><p>If the business wants a certain support level, you have to be able to pay the people required to meet that request.</p></li><li><p>If the business wants a certain&#8230; anything&#8230; you have to be able to pay for the resources necessary to meet that request.</p></li></ul><p>&#8230;and if they won't, then you can't. Period. Please sign here to indicate that you are not funding and will therefore not be receiving those services. Please ensure your CxO receives a copy. It's been a pleasure working with you. Also, don&#8217;t be surprised if there is resistance to this concept. Remember that the goal of the business is to do as much as possible at the lowest cost possible (aka, make a profit). This should apply to your service level as well&#8230; but when squeezing compromises the service level expected, the answer is no. 
</p><p>The SLA should also be reviewed regularly&#8230; at least annually&#8230; to ensure those expectations can be met at the current funding level, to meet the growing scale of the business, or to meet new business needs. If your organization is evolving quickly then more frequent reviews would certainly be justified. The same is true for a critical business event such as an acquisition. If you feel the business context has changed, it&#8217;s time to review the SLA.</p><p>Service Level Agreements are annoying to write and can be difficult to negotiate, but they are a critical tool for setting expectations and for ensuring you can meet those expectations. <em>Unset expectations are still expectations</em>. Don&#8217;t let yourself be held accountable for meeting an expectation you didn&#8217;t agree to or get funded for.</p><p></p><p><em>Note: This is a rewrite of a similar post that was previously published under the title &#8220;Why you REALLY need an SLA&#8221; on my MSDN blog, Mossy Business, since removed due to a migration by Microsoft to a new engineer blogging platform. The concepts are the same as that previous post.</em></p>]]></content:encoded></item><item><title><![CDATA[Federated Identity: All your eggs in someone else's basket]]></title><description><![CDATA[You are only as secure as your identity provider. Hopefully.]]></description><link>https://www.geekytruths.com/p/federated-identity-all-your-eggs</link><guid isPermaLink="false">https://www.geekytruths.com/p/federated-identity-all-your-eggs</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Sat, 05 Aug 2023 14:20:30 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/2390abfd-7751-4719-8f3f-abb1e6b6a43b_384x446.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Federated identity&#8230; or single sign-on&#8230; is everywhere in today's technology.
The ability to prove your identity once and access any resource you want without needing to prove who you are again is incredibly convenient. Authentication is inconvenient given the technologies we have today, to say the least. This makes avoiding having to re-authenticate over, and over, and over, incredibly attractive. There is also no shortage of companies that want to be your sole source of authentication. Big names like Amazon, Facebook, Apple, Microsoft, are all doing everything they can to be your identity provider of choice. Locking you into an ecosystem is fantastic for them and easy for you, so why not?</p><p>This brings an interesting question though: Do you own your own identity?</p><p>"Of course, I do! It's me! Only I have my password! Only I have my amazing 2 factor codes! I have the keys so of course I own me!"</p><p>But do you really? Hopefully you're the only one that knows your password (and hopefully your trusted provider is protecting that password properly), and hopefully no one else has access to your 2FA resource(s), so you're right&#8230; only you have the keys.</p><p>But who owns the lock? Who owns the ability to actually set that password? Who owns the platforms that hold those keys? Who owns the system that, after you've authenticated, tells another system who you are? Who owns the systems that protect those systems? Who defines the policies that are supposed to be enforced to ensure those systems aren't manipulated or bypassed? 
Hint: It's not you.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ptGu!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ptGu!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 424w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 848w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 1272w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ptGu!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png" width="1456" height="656" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:656,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ptGu!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 424w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 848w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 1272w, https://substackcdn.com/image/fetch/$s_!ptGu!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9bda0ee-a9eb-44f2-907e-e3bfa442de46_3035x1368.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>Your identity is "owned" by whatever entity (aka, identity provider) is trusted to say you are who you say you are. We're used to providing credentials to these systems to prove we are who we say we are&#8230; but that's to prove ourselves to the identity provider. After that, it's not YOU who are being trusted&#8230; it's the identity provider. In fact, it is entirely possible for that identity provider to pretend to be you without your credentials even being required (known as "delegation"). In fact, this happens all the time when we allow systems to work together behind the scenes to provide services. If you've ever seen a request for permission for a system to "act on your behalf", this is exactly what's happening. You're saying that the identity provider is allowed to do whatever it wants, as you, whenever it wants, without your involvement.
If someone can use your identity whenever it wants without your permission or involvement, do you really own that identity?</p><p>This also means you are completely trusting that identity provider to protect and respect the identity that you've entrusted it with. You're trusting that they have solid policies stating they won't abuse that identity. You're trusting they have tools implemented to enforce those policies. You're trusting that they won't bypass or reconfigure those enforcement tools to get around and violate their own policies. You're trusting them, completely, with being &#8220;you&#8221; to the rest of the world at any time&#8230; and trust is never certain.</p><p>You've put all of your eggs into someone else's basket, and you're really, really hoping they'll protect and respect your eggs.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!H-zt!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!H-zt!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 424w, https://substackcdn.com/image/fetch/$s_!H-zt!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 848w, https://substackcdn.com/image/fetch/$s_!H-zt!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 1272w, 
https://substackcdn.com/image/fetch/$s_!H-zt!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!H-zt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png" width="294" height="341.46875" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:446,&quot;width&quot;:384,&quot;resizeWidth&quot;:294,&quot;bytes&quot;:81768,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!H-zt!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 424w, https://substackcdn.com/image/fetch/$s_!H-zt!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 848w, https://substackcdn.com/image/fetch/$s_!H-zt!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 1272w, 
https://substackcdn.com/image/fetch/$s_!H-zt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe08bdb92-dd1b-4639-868e-fa1e956055d8_384x446.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>The response to all of this from any identity provider will be fundamentally the same. "We have policies that prevent abuse" and "Our system architecture ensures our customers are protected" and "We have monitoring to ensure potential risks are caught and blocked immediately".
It's in their best interests to be trusted, so of course these things are probably/hopefully true.</p><p>However, anything that can be configured to protect can also be configured (or misconfigured) to be bypassed.</p><p>There are many examples of how your identity can be compromised between providers:</p><ul><li><p>An API key that is shared between an identity provider and a service could be accidentally disclosed or maliciously acquired. Developers accidentally pushing API keys to their shared (and frequently public) source code systems happens all the time.</p></li><li><p>A certificate could be mis-granted or mis-trusted to pretend to be your identity provider or the service the identity is being provided to. Certificates are all about chains of trust&#8230; compromise one link in the chain and everything that depends on it is broken.</p></li><li><p>A state or government uses a legal means to demand that your identity be compromised. These can be written in such a way as to ensure you have no knowledge that it's even happening.</p></li><li><p>An individual with elevated access to the systems protecting your identity can use this access to work around protections, using their access and knowledge of the systems to avoid detection or recourse.</p></li><li><p>Systems anywhere along the way may not be fully patched with the latest security updates (and there are ALWAYS new security updates).</p></li><li><p>You could grant permission for your identity to be delegated to another entity that can then abuse that access&#8230; like granting an app access to your contacts so that you can select your best friend only to find later that the app has uploaded, indexed, and is now reaching out to every contact you have.</p></li></ul><p>To be fair, most of these can be said about any identity or authentication system, federated or not. 
Using a federated identity provider just makes the impact of such things much larger since compromising one system could potentially grant access to your entire life.</p><p>Federated identity can be a wonderful thing. Enterprises gain incredible power through identity federation by ensuring that their employees have appropriate access to approved resources with minimal risk of unintended access. When you work for an employer, your identity isn&#8217;t really &#8220;yours&#8221; &#8230;it&#8217;s theirs. They create it, they manage it, they can reset it, and when you leave the organization, they should have the full ability to disable it, all at their discretion. In business, this makes complete sense.</p><p>In some cases, you simply have no choice as to whether you use a federated identity or not. If you want to access a Google, Facebook, Microsoft, or Amazon property, you're in their federation's control and there's simply no way around it. This makes sense considering the number of properties and resources these companies own and provide access to within their own ecosystem. </p><p>But, what about your bank? Your medical information? Education records? Child information? There are resources that are worth protecting independently. There are values to not outsourcing your identity. Using discrete identities (aka, username/password/2FA) with discrete companies isolates your risk between various services&#8230; and this has proven valuable over and over again. Should a compromise of your streaming media provider imply a compromise of your bank accounts? Should the compromise of your magazine subscription imply a compromise of your medical provider? In a federated identity world, anything protected by that federated identity is 100% dependent on the security and integrity of that provider.</p><p>There are times when federated identity really does provide value and the convenience is simply worth it. 
Sites and services that are of low impact or contain information that is just &#8220;meh&#8221; if compromised or over-accessed&#8230; sure. Convenience is real. This is especially true with the way some browsers are integrating the sign-in process with the browser directly. For things I don&#8217;t care about? Yeah, sure, okay. Easy. Thanks.</p><p>For things I DO care about, however, every password is unique. Cross-service integration is kept to a minimum. There have even been occasional instances in which a cross-platform permission has been requested (and, hey, thanks for asking first by the way) and the level of access requested has been a solid NOPE. Everything is a balance between security and convenience. In general, and there are exceptions, more convenience implies a reduction in security. </p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!LzbH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!LzbH!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 424w, https://substackcdn.com/image/fetch/$s_!LzbH!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 848w, https://substackcdn.com/image/fetch/$s_!LzbH!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 1272w, 
https://substackcdn.com/image/fetch/$s_!LzbH!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!LzbH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png" width="422" height="160.60754189944134" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ac277bca-da11-494f-bde0-42188c015546_1432x545.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:545,&quot;width&quot;:1432,&quot;resizeWidth&quot;:422,&quot;bytes&quot;:30117,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!LzbH!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 424w, https://substackcdn.com/image/fetch/$s_!LzbH!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 848w, https://substackcdn.com/image/fetch/$s_!LzbH!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 1272w, 
https://substackcdn.com/image/fetch/$s_!LzbH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac277bca-da11-494f-bde0-42188c015546_1432x545.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><p></p><p>I&#8217;m even an advocate of keeping my individual unique passwords separate from these providers as well. Products like <a href="https://1password.com/">1Password</a>, <a href="https://www.lastpass.com/">LastPass</a>, and <a href="https://www.tomsguide.com/us/best-password-managers,review-3785.html">several others</a> are very well studied, and their security implementations are well reviewed (by people smarter than me). Using a secondary password manager also keeps your passwords, yet again, out of the hands of the web browser providers&#8230; who also happen to be those federated identity providers. The browser synchronization of passwords across your laptop and phone browser (assuming you&#8217;re using the same browser and have enabled sync) is convenient. However, A) those passwords are ONLY available in the browser, precluding access from non-browser use and B) while those passwords are hopefully encrypted in some way, they MUST be retrievable in the other browser as well&#8230; and you have no idea where this is happening, how it&#8217;s happening, or when.</p><p>Password managers from secondary, well-respected, well-reviewed companies or tools create another boundary of things that have to be compromised in order to hijack your world. Most of them claim (and in many cases have been independently verified) to be physically incapable of accessing your passwords even if they wanted to.</p><p>Federated identity provides convenience and is sometimes required. It&#8217;s frankly inescapable. Just remember that you&#8217;re literally outsourcing your identity. You&#8217;re letting someone else &#8220;pretend&#8221; to be you.
You&#8217;re trusting someone else with who you are to every service that integrates with that identity. It&#8217;s not your identity anymore&#8230; it&#8217;s theirs.</p><p>It&#8217;s their basket, and even though they&#8217;re your eggs, they can do whatever they want with their basket, even if it&#8217;s not to your benefit.</p>]]></content:encoded></item><item><title><![CDATA[What security really is...]]></title><description><![CDATA[Security isn't a project or even a program. It is a practice that must be ingrained in every aspect of your environment... and it is never "done".]]></description><link>https://www.geekytruths.com/p/what-security-really-is</link><guid isPermaLink="false">https://www.geekytruths.com/p/what-security-really-is</guid><dc:creator><![CDATA[Chris Mullendore]]></dc:creator><pubDate>Mon, 31 Jul 2023 17:17:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe985b76b-500a-4728-bf88-a9bc6135a7b7_1120x1192.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I have my own personal quote:</p><blockquote><p>"Security is the practice of making the level of effort required to access a resource higher than the value of that resource."</p></blockquote><p>I believe this makes perfect sense. If something is low value but high effort, why would anyone bother? If it's high value but low difficulty, you should consider it a target for compromise.</p><p>Notice also the use of the word "practice". Security isn't a tool or an architecture or ever "done". Security is something to be considered and validated and ensured every day. Verifying your security hasn't been compromised requires constant monitoring and vigilance. Updating your practices and technology and investments must also be constant. 
Security is never "done".</p><p>This leads me to another personal quote:</p><blockquote><p>"Anyone that uses the phrase or tells you that something is '100% secure' is either an idiot or lying."</p></blockquote><p>Why? Consider these truths:</p><ul><li><p>The value of information is constantly changing. What might have been of less value yesterday could become critical and vitally important tomorrow. This means that its value as a target, and therefore the likelihood that someone will attempt to compromise it, goes up.</p></li><li><p>The tools available to perform attacks and compromises of existing security solutions and architectures improve constantly, every day. This means that a compromise that may have been difficult yesterday may be as simple as running a script against a target today.</p></li><li><p>The raw computing power of the systems used to perform attacks is also ever increasing. This is true for your desktop computer, but it's also true for the number of devices on the internet that have lax security and are compromised into tools for performing attacks. Sure, even if an attacker has a fast desktop computer they're unlikely to overwhelm your VPN server&#8230; but if that computer is simply the command-and-control center for 100,000 compromised devices that can all simultaneously attempt connections against your infrastructure? Even if they can't get in, the power of such a distributed denial of service attack will almost certainly prevent you or your clients from getting in either.</p></li><li><p>New vulnerabilities are discovered every day. Despite the best efforts of great organizations to develop the most stable and secure platforms possible, things are always missed and assumptions are always made.
The programmer's belief that a number will never exceed a certain value, or that the amount of data submitted will never go beyond a certain amount, or a certain string of text will never contain certain characters, or that the infrastructure in front of you is properly configured, all happen every single day in even the best solutions. These assumptions are an attacker&#8217;s best friend.</p></li><li><p>Your security isn't just about your own platform or tool or component. Every piece of the infrastructure introduces the possibility of misconfiguration or information from compromised sources (think reused passwords, compromised certificates, improperly applied permissions), and solely relying on other systems or fully trusting those systems puts the security of your component completely in their hands.</p></li><li><p>Your infrastructure isn't static. It changes constantly as new tools are added, new things need to talk to other new things, ports need to be opened, new connections need to be allowed, new code or functionality is introduced. In many cases, these solutions are somehow "presumed" to be reasonably securely designed and implemented&#8230; but that belief is never actually tested or verified.</p></li><li><p>In today's world, everything depends on everything, and we don't always know those dependency chains or how their security is verified. Your software developers are constantly introducing new packages and libraries that depend on other libraries which depend on other libraries, etc. Do you think they're testing all of those? Doing code reviews for every package? Do you think they even know or care about that chain of dependencies? Every package that's introduced is a risk that should have testing and mitigations in place. Consider the SolarWinds compromise: It wasn't SolarWinds that was compromised&#8230; it was a package that depended on a package that was compromised. 
Security isn't just about you.</p></li></ul><p>The point is security is never "done". The world is constantly changing. The capabilities of attackers, the value of your information or resources, and your infrastructure, code, and architecture are all in a constant state of flux. Your security practices and efforts MUST be equally ongoing. If your security isn't keeping up with the world, you are already at risk&#8230; and in the world of security, being at risk means you have already failed&#8230; not because you're compromised, but because you have put yourself in the position of either having knowingly left yourself open to compromise or possibly having been compromised and simply not knowing. Yet.</p><p>So, now that you're paranoid or even terrified (you should be), what should you do?</p><ul><li><p>INVEST in your security teams and infrastructure. Underfunding security directly correlates to increased risk of compromise. If they don't have the tools to protect from or detect or mitigate risks, you are directly allowing the possibility of those risks becoming reality&#8230; and then it's too late.</p></li><li><p>PRIORITIZE security. Make security a first-class citizen in your organization. Give your security teams not only the ability to recognize risk, but the power to prevent those identified risks from moving forward. Allow your security teams to have full veto authority on anything that could increase an unmitigated risk. Overriding a risk your security team identified and tried to prevent becomes your responsibility and your potential fault, not theirs.</p></li><li><p>BE PARANOID. Recognize that you are never 100% secure. Don't trust anyone or anything that declares itself to be secure. Test everything. Review everything. Try to compromise everything. Then, do it again. And again.
Remember, everything is constantly changing, so your possibility of new risks being introduced is also constant&#8230; so your work to attempt to identify those risks must be equally ongoing.</p></li><li><p>OWN RESPONSIBILITY. The decisions you make, regardless of your role in an organization, have a direct impact on your security stance and risk. The CFO that underfunds the security team is contributing to risk. The team that demands an integration with a 3rd party platform without allowing a security review is creating risk. The software developer that isn't fully reviewing a package or library and all its dependencies is introducing risk. The server administrator that isn't consistently applying updates or isn't taking advantage of security capabilities or configurations or is allowing everything to run with root/administrator rights is creating risk. Risk is created everywhere, by everyone, including you.</p></li></ul><p>You can never be "100% secure"&#8230; but you can recognize the value of your information or tools as a target. You can recognize your potential risks. You can ensure you have the resources to prevent and detect risks and implement mitigation factors. You can avoid the term "acceptable risk"&#8230; and if you do "accept" risk, own that decision and the impact if/when the risk occurs. You can evangelize the importance of security not only because it's your responsibility but because it's the responsibility of everyone around you as well.</p><p>Security is a practice, not a solution. It goes on forever. When you think you're "done", you have already failed.</p>]]></content:encoded></item></channel></rss>