Ransomware Attacks Are Testing Resolve of Cities Across America

I read this article in the New York Times with interest, because I am an information security auditor by trade, and we have been educating companies and regulators about the dangers of ransomware for what seems like forever, but has probably only been four or five years now.

The part of the article I found most interesting, because I have worked in and for the insurance industry for the past twenty years, relates to cyberinsurance:

Fearing the worst, cities like Lake City, Fla., have bought cyberinsurance, and an insurer paid most of its ransom this summer. But some experts think that is only worsening the problem. “We see some evidence that there is specific targeting of organizations that have insurance,” said Kimberly Goody, a manager of financial crimes analysis for FireEye, a major cybersecurity firm, which says it has responded to twice as many ransomware attacks this year compared with 2018.

I have two main observations about this section:

First, it is galling that the typical fix for ransomware attacks is to pay the ransom, and rely on the good faith of the bad actor who locked away all the data to actually restore the encrypted data.

Second, that attackers are targeting companies that have done the fiscally responsible thing and obtained cyberinsurance to mitigate their ransomware risks is a perverse form of adverse selection. I am sure the cyberinsurance industry is working out ways to incentivize their customers to reduce their ransomware risks, because that is what insurance companies do, but organizational inertia and lack of funding will make it difficult and time-consuming to succeed.

Ideally, companies and municipalities would keep their systems up to date through regular software patching and hardware upgrades, and would inventory and back up their data, so that ransomware attacks would be less likely to succeed, and so that data could be restored without paying the ransom. Organizations could also reduce their attack surface in other ways, such as replacing Microsoft Windows with ChromeOS for classes of workers, such as call center workers, whose job functions do not require Microsoft Windows. ChromeOS is less likely to be attacked than Microsoft Windows, and its use would encourage centralized data storage and software, which are easier to keep up-to-date and secure.

Beyond hardware and software upgrades, organizations need to train their employees to recognize social engineering attacks, as that is the number one or two attack vector every year. Having gone through that training every year for many years, and having been tested at random by a program at my company, I have learned that social engineering attacks can be almost impossible to discern from legitimate emails and instant messages. I think that no amount of social engineering training is going to be more than 80% effective at preventing phishing and/or ransomware attacks, but 80% is a good start.

The main reason organizations do not put these controls and practices into place is money. The second is organizational inertia. Both can be solved, but only through additional resources and external pressure. As citizens and as customers, we have to demand that the organizations, both public and private, that we interact with, protect their data and our data sufficiently.

What the heck is Eck talking about? ⚾️

Red Sox broadcasts have been somewhat incomprehensible to me since Dennis Eckersley started doing most of the color commentary for NESN. I wish I had seen Chad Finn’s article, complete with glossary about a year ago.

Case in point (this is a quote from Dennis Eckersley from the aforementioned article):

“The other day something came out that was new, and I don’t know where the [expletive] it came from. I started saying ‘pair of shoes’ about three months ago, and honest to God, I don’t know where it came from."

As for “pair of shoes,” I actually had to look it up.

The Keto Diet Is Popular, but Is It Good for You?

As a ketogenic dieter, I found Anahad O'Connor's article about ketogenic diets pretty balanced, but his premise, described in the block quote below, doesn't hold up to much scrutiny:

Low-carbohydrate diets have fallen in and out of favor since before the days of Atkins. But now an even stricter version of low-carb eating called the ketogenic diet is gaining popular attention, igniting a fierce scientific debate about its potential risks and benefits.

I am grateful that ketogenic diets are being treated seriously enough to be written about in a national newspaper. Unfortunately, the New York Times is trying to teach the controversy, when no such controversy actually exists.

Here are some clarifying points about some of the topics discussed or touched upon in the article, from someone who actually follows a sensible, low calorie, vegetable-rich ketogenic diet:

  1. There is no "Keto diet". There are a variety of ketogenic diets, all with the common element that they tend to put the body in a state of nutritional ketosis at some point (not all day long unless you fast; primarily while you are sleeping). All these diets involve restricting carbohydrate intake to very low levels, ranging from 0 g to about 50 g per day. They differ in meal composition, meal timing, and what foods are allowed or disallowed. Also, in real life, even people on ketogenic diets will eat a high-carbohydrate treat now and then.
  2. Nutritional ketosis is not the same as ketoacidosis.
  3. Ideally, ketogenic diets involve eating a great deal of high fiber (but low starch) vegetables. Imagine telling your doctor that you eat two huge salads per day, with four ounces of meat on them, one ounce of cheese, and a tablespoon or two of olive-oil-and-vinegar dressing. Doctors have told me that it is hard to eat healthier than that.
  4. Ketogenic diets are "high fat" on a percentage basis, not necessarily on an absolute basis (as in, grams of fat per day).
  5. Similarly, ketogenic diets are not necessarily higher in meat or dairy consumption than the standard American diet.
  6. I have read many, many abstracts and articles about diet and nutrition studies. Almost every study I have come across demonstrates bias or a lack of understanding of what ketogenic diets actually look like (they tend not to restrict carbohydrates in test subjects sufficiently), relies on bad data (epidemiological data, prior studies' data, or self-reported food logs), or has a duration that is too short (you need more than a couple of weeks to assess a diet change).
  7. Sometimes the scientists' own conclusions do not seem to be drawn from the data they collected. This often shows itself when a study concludes that, despite outcomes being equal or better for ketogenic dieters, there is concern about their heart health due to the amount of fat in their diet.
  8. While you may believe there is insufficient evidence that ketogenic diets are healthy (whatever that means), there is ample evidence that the standard American diet (which I understand has spread to most of the world at this point) is obviously not. If it were, there wouldn't be an obesity epidemic.
  9. I don't believe it makes sense to adopt an all-meat, or all-meat-and-cheese, diet. My reasoning: Fermentation of high-fiber vegetable matter in the gut is something humans evolved to do, and, for that reason, it is probably a good idea to continue doing so. I would understand if this argument were made more clearly in the article; instead, some scientist's statement that mistakes "high fiber" foods for high carbohydrate foods (i.e., starchy foods) is there, casting doubt on the diet in a way that doesn't make logical sense.
  10. Ketogenic diets are not appropriate for some people, due to underlying medical conditions such as Type I Diabetes. This does not mean that they are not appropriate for anybody.
  11. In the end, we are all n = 1 studies. It doesn't matter what the science says about a diet's effect on study participants or on populations, it matters how the diet affects you. Many, many people have success with ketogenic diets that they did not have with low-fat diets or with calorie counting. If low-fat dieting or calories-in-calories-out tracking works for someone, it makes no sense to disparage that person’s diet choices, and almost no one would. Ketogenic diets should be treated the same way.

All in all, the article is 80% of good content with 20% of nonsense thrown in for the sake of balance.

All my WordPress sites stopped working via XML-RPC, so I cannot publish to them with Ulysses or MarsEdit. I wonder what happened, and wonder how to fix it.

Opting out of forced arbitration for the Apple Card took me literally 5 seconds over iMessage.

Ubuntu Linux on my Toshiba Satellite Laptop

I was finally brave enough to install Ubuntu Linux on the laptop sitting in my home office that serves as the family’s Plex Media Server. It helped that Windows Update messed up and rendered the machine’s original Windows 10 Home install unusable.

I got fed up trying to figure out how to fix Windows, so I burned a live USB installer for Ubuntu and tried it out. It worked very well, and made installing Plex Media Server a one-click operation. I turned Ubuntu’s automatic updates off, and hope that it will run smoothly, and not reboot sometimes for updates, like Windows 10 does, going forward.
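As an added example (not the author's configuration, and not part of the original post), the following apt configuration keeps Ubuntu's unattended-upgrades running for security patches only while never rebooting on its own, which addresses the surprise-reboot complaint without leaving the server unpatched. The file paths are the usual Ubuntu locations, and the `plexmediaserver` package name is an assumption about how Plex is installed from its own repository.

```conf
// /etc/apt/apt.conf.d/20auto-upgrades  (assumed standard location on Ubuntu)
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

// /etc/apt/apt.conf.d/50unattended-upgrades
// Only pull packages from the security pocket; ordinary feature updates
// wait for a manual apt run, so nothing surprising lands on its own.
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
};

// Never reboot automatically. A kernel update leaves /var/run/reboot-required
// behind for a human to act on at a convenient time.
Unattended-Upgrade::Automatic-Reboot "false";

// Assumed package name for Plex's own repository. Keeping it out of automation
// means a bad Plex release can't break the media server unattended.
Unattended-Upgrade::Package-Blacklist {
    "plexmediaserver";
};
```

Before trusting it, run `sudo unattended-upgrade --dry-run --debug` to see which packages would be installed and confirm that only security origins are selected and that no reboot is scheduled.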

I am well aware that Windows 10 Home or an old laptop are not appropriate for a “real” server. Someday I will have the money to buy a proper computer for this task.

I must be old. I am more excited about getting a new pair of eyeglasses this fall than learning about whatever the next iPhone is.

Thoughts on Apple Card

I got the Apple Card about a week ago, and just started using it this weekend. Here are some initial thoughts:

  1. I very much like the security and privacy features of Apple Pay and the Apple Card. I try to use Apple Pay whenever I can to take advantage of most of these features, no matter what card I am using.
  2. I very much like the enhancements to the Wallet app on my iPhone to review transactions and spending.
  3. 2% cash back on all Apple Pay purchases seems like a pretty good benefit to me.
  4. 3% back on Apple transactions seems a little stingy, considering that Amazon and Target offer 5% back when you use their branded cards. I would get a much better cash-back rate buying an Apple product on Amazon, using my Amazon.com Visa.
  5. The interest rate offered to me was the lowest that they offer, and it is between two and three percentage points lower than the other cards I have. I never carry a balance, so it doesn’t mean much to me.
  6. I had a false-alarm fraud alert shortly after I set it up. I made it my default on my Apple account, and a $30 annual subscription fee triggered a fraud alert. I contacted Apple Card support via iMessage, and cleared up the problem.
  7. Buying different things changes the color of the card in the Wallet app, which is amusing. The colors correspond to the spending charts.
  8. I had a lot of trouble adding the card to my Apple Watch. It took lots of fiddling with settings, but, fortunately, I did not have to unpair and re-pair the Apple Watch to my iPhone.
  9. The titanium card is boring and heavy. I expect to never use it. Its best feature is that my card number is not printed on it.
  10. Some common features are missing: a website, integration with personal finance applications, and joint accounts (or authorized users).

Sabbaday Falls

We got back from vacation last night after midnight. Today has been a busy day of unpacking and getting the house, and ourselves, ready for normal life again.

My vacation ends tomorrow. My family had a lot of fun and some relaxing days in the mountains, but boy do I miss WiFi!

What Makes a Red Sky at Night (and at Morning)

This article by XKCD creator Randall Munroe amused me. My dad used to always say “Red sky at night, sailor’s delight. Red sky at morning, sailors take warning.” It is one of the sayings that he etched into my memory when I was a child.

Paradoxically, my children appear both to eat constantly and consume no food all day long.

Another Baseball Mystery: Why Do Players Seem to Live Longer?

I think the answer to the mystery is found in the final paragraph of Nicholas Bakalar’s story:

Over all, there may be another factor contributing to the long lives of players: Major League Baseball has a robust retirement program, regarded as among the most generous in professional sports. Players get substantial pensions even after spending just a few months in the big leagues, and all players qualify for full medical benefits beginning on the first day they join a team.

I am a sucker for any article about baseball that isn’t about trades or the pennant race.

It’s amazing how much faster LTE is after 10:00 PM.

Can Britain’s Top Bookseller Save Barnes & Noble?

David Segal’s article poses the question. I hope the answer is yes.

Barnes & Noble has been sliding toward oblivion for years. Nearly 400 stores have closed since 1997 — there are 627 now operating — and $1 billion in market value has evaporated in the last five years. This week, Elliott Advisors, the private equity firm that owns Waterstones, closed its deal to buy Barnes & Noble for $683 million. Mr. Daunt will move to New York City this month and serve as the new chief executive.

I have lots of fond memories of Barnes & Noble over the years—despite the fact that I liked Borders even better. My wife and kids still like it, so we go to the one closest to us pretty often. It is, in many ways, a sad, pale shadow of its former self. The Nook section is large and empty. It is easier to find toys in there than books. I don’t really understand why they still sell so many DVDs and CDs in the back.

“Frankly, at the moment you want to love Barnes & Noble, but when you leave the store you feel mildly betrayed,” Mr. Daunt said over lunch at a Japanese restaurant near his office in Piccadilly Circus. “Not massively, but mildly. It’s a bit ugly — there’s piles of crap around the place. It all feels a bit unloved, the booksellers look a bit miserable, it’s all a bit run down.

I keep wondering when our local store will shut its doors, though I don’t want it to. I am eager for a turnaround.

Nicolas Cage on his legacy, his philosophy of acting and his metaphorical — and literal — search for the Holy Grail.

I really enjoyed this profile of Nicolas Cage, by David Marchese.

I wanted to know why Cage, Hollywood’s greatest surrealist, whose personal and creative unpredictability has led him to attain near-mythological status in certain corners of the internet, acts in so many movies — 20 in the last two years — and why so few of them make mainstream ripples. (His most recent release: the straightforwardly titled thriller “A Score to Settle.”) But mostly I wanted to know the method behind the seeming madness that informs so many of his performances.

It is a pretty fascinating read, even if, like me, you only have a casual familiarity with Nick Cage’s work.

The best part of vacation packing this year is not having to find a place for a massive stroller in the trunk of our car.

Monmouth County Fair

Facebook to Add Its Name to Instagram, WhatsApp

From Alex Heath in The Information:

In a big shift, Facebook plans to signal its control of Instagram and WhatsApp by adding its name to both apps, according to three people familiar with the matter. The social network will rebrand the apps to “Instagram from Facebook” and “WhatsApp from Facebook,” the people said.

This is bound to end badly for Facebook. I can think of no one who thinks Facebook is a strong brand, let alone stronger than Instagram or WhatsApp.

🎵 The New Pornographers are releasing a new album on September 27 (via Jazz Monroe of Pitchfork). I love this band, and I love the music of one of their members, Neko Case, even more.

iPhone Home Screen

I am trying something new with app organization: Three apps in the home row instead of four, and only productivity related apps (and audio apps, which I use all the time) on the first screen. It is no longer organized based solely on what I use most, but what I need to get to the most quickly, when I need it.

Peanut allergies

My wife and I learned today that my two-year-old son has severe peanut allergies. My daughter does too, so at least we know what to do, but it is very unfortunate news. It is a deadly serious condition. There are so many foods that peanut allergy sufferers can’t eat—most of which don’t even have peanuts in them, but are processed on equipment that also processes peanuts—that most packaged foods are disallowed. Most candy is unsafe. Hard ice cream, at restaurants and ice cream places, isn’t safe either, because it or the scoops used to scoop it get cross-contaminated with peanuts. Fortunately, we have found some peanut-free sources for foods like chocolate, and can bake our own treats at home. With two peanut-allergy-having kids, I think I’m going to be baking a lot of cakes at home from now on (for every birthday party, ever), and learning how to make things like chocolate candy and maybe even homemade ice cream.

After Decades of Music, Tanglewood Talks

Seeing this article, by Michael Cooper, today, a couple days before I leave on vacation, made me really miss visiting the Berkshires in Western Massachusetts:

For more than 80 years, Tanglewood, the bucolic summer home of the Boston Symphony Orchestra, has made the Berkshires a vital destination for classical music.

Now it is getting into the talk business, too.

Listening to classical music, at and after sunset, on Tanglewood’s great lawn is one of my fondest memories. Going to see a lecture there would be fun, too, I guess.