Filtered for recent computer exploits


Recent hacks are about finding holes in the deep physics of computing.

Here's a technical explanation of Spectre and Meltdown, the two recent big ones. The words alone are beautiful: Spectre can be thought of as a (previously unknown) fundamental risk of speculative execution, one that can now be weaponized.

Here's a metaphor explaining both exploits, to do with librarians. In short, they involve measuring how long it takes for the computer to look up hidden data. Even if the data is eventually not shared, the computer has a terrible poker face.

I see this as a kind of information asymmetry. Computer chip architecture is about the regulated control of information. The design never anticipated that unregulated information - time - would be brought in from the outside.

See also: Rowhammer, which is an exploit of how memory chips work where the wild information, intruding from the outer reality, is electromagnetism and geography.

As DRAM manufacturing scales down chip features to smaller physical dimensions, to fit more memory capacity onto a chip, it has become harder to prevent DRAM cells from interacting electrically with each other. As a result, accessing one location in memory can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells. With enough accesses, this can change a cell’s value from 1 to 0 or vice versa.

That is, the fact that two memory addresses happen to be physically close to one another is completely outside the computer's knowledge of itself. Geography and electromagnetism have no presence in the computer's inner reality. But bring that knowledge in from the outer reality...

Rowhammer was able to use this to induce bit flips ... and hence gain read-write access to all of physical memory.


Long profile in the New Yorker of Sam Altman, the head of Y Combinator (the incubator behind startups such as Airbnb, Dropbox, Stripe, and reddit).

This line:

Many people in Silicon Valley have become obsessed with the simulation hypothesis, the argument that what we experience as reality is in fact fabricated in a computer; two tech billionaires have gone so far as to secretly engage scientists to work on breaking us out of the simulation.

Emphasis mine.


Here's an interesting exploit that I feel should be better known: System Bus Radio.

Some computers are intentionally disconnected from the rest of the world. This includes having their internet, wireless, bluetooth, USB, external file storage and audio capabilities removed. This is called "air gapping". [However] Even in such a situation, this program can transmit radio.

Computers can now write to memory with a high enough frequency that it's in the radio spectrum. Now you're hitting the RAM fast enough, you can play it like a xylophone and carve radio waves into the air.

There is demo code provided. And:

Run this using a 2015 model MacBook Air. Then use a Sony STR-K670P radio receiver with the included antenna and tune it to 1580 kHz on AM.

You should hear the "Mary Had a Little Lamb" tune playing repeatedly.

So what happens when my mobile web browser loads an ad that loads some JavaScript that reads my bitcoin exchange password and then runs tight array loops that hammer out arpeggios on memory, broadcasting access to all my worldly possessions to anyone standing nearby with an old-fashioned AM radio tuned into 1580 kHz?

Breaking out of the simulation.


By volume, the Sun produces about the same amount of heat as a reptile.

Also the average density of the Sun is 1,410 kg per cubic meter: 1.4x that of water. Or to put it another way, the same as honey.

So yeah. The Sun. A million times bigger than the Earth. As hot as a reptile. As thick as honey.

Filtered for nice turns of phrase


How to award the contracts to run the overground railways in London:

Risk is like a balloon with a price tag attached to it

Nice turn of phrase.


PCalc is a calculator app, and it's 25 years old. From the announcement of the original version, in 1992:

Enclosed is a binhex file containing a submission for your archives. PCalc is a neat simulation of a programmable scientific calculator.

A simulation of a calculator! Now simply a calculator. Since the 90s, software has become part of the real world. The virtual no longer exists.


I like words and I like how they change. I like that sometimes everyone is using a particular word or phrase for a year or two, but look at the word closely and you'll see how weird it really is. Or there are some new words that are weird now, but I know they will be commonplace in the future.

I keep a list of words on Twitter.


From Rolling Stone's coverage of the unveiling of Magic Leap, the (potentially) groundbreaking augmented reality device:

"You're basically creating the visual world," he says. "You're really co-creating it with this massive visual signal which we call the dynamic analog light field signal. That is sort of our term for the totality of the photon wavefront and particle light field everywhere in the universe. It's like this gigantic ocean; it's everywhere. It's an infinite signal and it contains a massive amount of information."

Beautiful nonsense.

Fave 10 books from 2017

I only read 23 books in 2017. (31 in 2016; 42 in 2015.)

My favourite 10:

SPQR: A History of Ancient Rome, Mary Beard. I've been getting interested in Ancient Rome, thanks mainly to Dan Carlin's Hardcore History podcast -- in particular the series Death Throes of the Republic and the episodes on the Punic Wars. Beard has broadened my awareness to the social. The grand sweep of time - and the fact we're all still Roman in so many ways - makes this fascinating.

Four Futures: Life After Capitalism, Peter Frase. This book looks at two macro trends: abundance (via A.I. and automation) and scarcity (climate change). To see how these interact, Frase reintroduces the term class, built from first principles from the logics of capitalism and group allegiance. A vital term to navigate the late 2010s. Bonus: his four futures are illustrated with science fiction from books and movies.

Radical Technologies, Adam Greenfield. The first nine chapters are worth it in their own right, deconstructing technologies and asking the question: is the trade-off worth it. They serve to equip you for the barrage in the second half of the eponymous 10th chapter -- escape velocity ideas told with beautiful, luminous words.

Wolf Hall, Hilary Mantel. I'm late to Mantel's semi-fictionalised story of Thomas Cromwell's rise and fall (chief minister to Henry VIII and driving force of the English Reformation). The TV series is startlingly good: Mark Rylance is the embodiment of still waters running deep. It's the only TV that comes close to the 1979 BBC adaptation of Tinker Tailor Soldier Spy with Alec Guinness. Like the TV series, the books - for complexity, legibility, and a gentle but relentless pace - do not disappoint. This is the first of a trilogy; the third is out in 2019. I'm reading the second now.

The Control of Nature, John McPhee. Nobody writes about nature like McPhee. He narrates complex tangles of people, history, fire, and water -- highly situated (the Mississippi, a volcanic eruption in Iceland, and an L.A. fire) but moving between the particular and general. Not my favourite by McPhee (that would either be his four volume Annals of the Former World for its weight and scope, or Encounters with the Archdruid for its humanity) but his deft sentences and ability to draw pictures are always a treat.

Neutron Star (collection), Larry Niven. I read a bunch of sci-fi. This year I've been enjoying collections of short stories all told within the same universe: it's neat to see an author explore ideas and consequences from a ton of different angles, and the whole feels a lot bigger inside my head because of that. I've somehow missed reading into Niven's Known Space future history so far. He's got big ideas, and some cracking yarns. Great storyteller.

How Not to Network a Nation: The Uneasy History of the Soviet Internet, Benjamin Peters. Why didn't the Soviet Union build its own internet? The argument in From Newspeak to Cyberspeak (Slava Gerovitch) is that the political insistence on materialism stripped cybernetics (and therefore computing research) of metaphorical yet inspirational ideas like "memory" and "learning", constraining the vision of computing to simple calculation. Through detailed examination, Peters instead puts the blame on bureaucracy. Some interesting lessons here for institutions adopting (or not) new technologies.

(Peters has also shifted my attention from our familiar dichotomy of public vs private enterprise - that is, the state vs the individual - to polis vs oikos. When the state is, in parts, captured by private interests, it makes more sense to look at the two ends of the spectrum being the national community (polis) vs the household, or your flesh and blood (oikos). It's stuck in my head; worth thinking about more.)

The Good Immigrant, edited by Nikesh Shukla. What does it mean to be black, Asian, another ethnic group, or mixed in Britain? An immigrant or born here; in a race-based community or not; recognised or not? What do expectations from yourself and others feel like; what is identity. Here are 21 personal stories from different authors. Mind-expanding, thought provoking, intelligent, empathy-building, and it gets you in your heart -- not least because of my own story. A side note: I hope that this British perspective on race can contribute to an unpacking (and a reckoning) of our repressed memories of colonialism. This poisonous history is all the more poisonous for not being aired.

Platform Capitalism, Nick Srnicek. A look at the dominant technology platforms - Apple, Google, etc - not through the lens of technology as something new, but from the perspective of capitalism. Srnicek makes it possible to see that Uber's platform approach doesn't have any legs (it's just about exploiting labour, nothing new there) but that data extraction and processing does imply labour, and can help explain the weird adjacencies in the platform business models (e.g. why Google would get in such different businesses as advertising, email, virtual reality glasses and hardware.) This framing supports the view that data is the new oil.

One complaint: Platform Capitalism feels like an introduction, as if it's defining terms for a much bigger argument. And one misgiving: Srnicek says that social interactions cannot be seen as labour as (I paraphrase) they are not competitive. I disagree as online - whether on Twitter, LinkedIn, Instagram, or a dating app - per Zygmunt Bauman's Consuming Life, we are marketing ourselves and competing for attention, such attention making ourselves more marketable. Given this misgiving, I don't know how stable Srnicek's set of ideas is as a foundation for debate. Stimulating nonetheless.

Living Dolls: A Magical History of the Quest for Mechanical Life, Gaby Wood. A series of interlocking essays on the history of automata from the construction of mechanical people and simulated animals, to Edison's recording of the human voice and the early history of cinema in France. What Wood does is focus on the individuals, the movement of ideas and artefacts, and the historical context.

Filtered for music and history


Mechanical Techno machine:

Cut-up records on turntables stand in for samples and synths. Electrical contacts produce buzzes of sound as wires touch copper. Cowbells become kinetic, robotic sculptural elements. Basically, every rhythmic element is mapped into physical space, into locations on discs.

Also: Wintergatan's Marble Machine which is a mechanical musical instrument using 2000 marbles.

Also, my friend Tom Armitage has released an album and it is excellent. Listen: Between the Years, by Telechir. Equal parts live recordings and arranged work, for piano and/or electronics.


For 40 million years, trees were not biodegradable.

430 million years before present, the first vascular plants emerged from early tide pools. In order to stay upright, these plants employed cellulose, a chain of simple sugars ... it was easy to make and offered rigid yet flexible support

This is from How Fungi Saved the World.

90 million years later, heralding the Carboniferous period,

plants developed a new kind of support material, called lignin. Lignin was an improvement development over cellulose in several ways: it was harder, more rigid, and, being more complex, almost impossible to digest, which made it ideal for protecting cellulose. With lignin, plants could make wood, and it led to the first treelike growth form.

But lignin made the lycopod trees a little too successful. Because their leaves were lofted above many herbivores and their trunks were made inedible by lignin, lycopods were virtually impervious to harm.

Dead trees piled up without decomposing. Compacted by weight, they turned to peat and then to coal. 90% of all today's coal is from this period.

Wood pollution lasted 40 million years.

Finally, however, a fungus belonging to the class Agaricomycetes - making it a distant cousin of button mushrooms - did find a crude way to break down lignin. Rather than devise an enzyme to unstitch the lignin molecule, however, it was forced to adapt a more direct strategy. Using a class of enzymes called peroxidases, the fungus bombarded the wood with highly reactive oxygen molecules, in much the same way one might untie a knot using a flamethrower. This strategy reduced the wood to a carbohydrate-rich slurry from which the fungus could slurp up the edible cellulose.

Which leads me to think:

There's a ton of plastic in the ocean. Why not engineer a fungus to rot it? Having this magical material that lasts forever is absurd. This is a controversial idea I admit. But although I agree that we need to reduce plastic pollution (via social change and by regulatory intervention), cybernetics tells me that's a fragile solution. Homeostasis is to be found in an ecosystem of checks and balances: instead of eternal plastic, we need plastic plus a plastic-rotting fungus plus an effective-but-hard-to-apply fungicide. Then balance can be found.


Ancient Greek statues dressed in modern clothes.

Several images.


From 1878, here's a photo of Billy the Kid playing croquet.

It is only the second photo ever to be confirmed of the infamous outlaw and the only known photo of Billy the Kid with his gang, The Regulators. (They're all playing.)

Here's a thing:

Croquet became popular in the 1860s because it was the first sport that women could play on the same terms as men, and men and women could play each other



Billy the Kid and his gang were the subject of the film Young Guns (1988). A quote from this film was sampled and opens the classic Regulate ft. Nate Dogg, by Warren G (1994).

Please refamiliarise yourself with the lyrics.

Now follow @GerryMcBride taking a Google Maps journey through Long Beach as described in the song. Seriously, do this thing.

Filtered for two worlds


According to the excellent Radio 4 show In Our Time, politeness was an 18th century revolutionary philosophy.

Listen to the episode on Politeness here (28 mins).

Or read this very rough transcript. (I'm ashamed to admit that I have a problem paying attention to podcasts, and would be much happier reading instead. So I loaded the MP3 into Simon Says and got that transcript back in a few minutes.)

What politeness replaces is decorum:

The idea of decorum is the notion that everybody's supposed to behave according to their place in society, according to their age.

And then there are more people talking: a move from a world of decorum - the nobility is only about 160 families - to a world governed by, well, it's put in this lovely way: the amicable collisions of urban life.

(Coffeeshops being part of this.)

And that changed world means that it's a world of debate and a world of public life, particularly in London; a world of socialising, and it needs a new model of behaviour and politeness comes forth.

This need collides with a reformist idea: the fundamental idea is the idea that the world can be - and we, the citizens of it - can be improved.

The idea of conversation gets internalised:

when he talks about conversation he is talking about conversation between people but also an internal conversation ... whereby you modify and develop yourself.

Politeness, and conversation, is a route to self-improvement, but also how to rub along together:

human beings are naturally benevolent and this is a quite new notion of human nature, to insist on man's capacity to love each other and to feel sympathy for each other and to respond empathetically to each other. And politeness is partly about feeling other people's feelings, recognising how they respond in circumstances, traveling alongside with them in conversation

Makes me wonder what a similar benevolent, positive philosophy - pointing inwards at the self and outwards at society - would be nowadays, and what new modes of interaction it could draw on. The internet I suppose. But how.

See also: the New Yorker on In Our Time and its host Melvyn Bragg which it describes (accurately) as four intelligent people in a studio, discussing complex topics that are ... aggressively uncommercial.

Some trivia: In Our Time was the BBC's first podcast, and I set it up. This was back in November 2004, and the term had only been coined in February that year. The BBC was the first national broadcaster to do any podcasting at all. There are some funny little stories about hand-writing the XML files for the servers, and I should dig out the deck I made explaining podcasting, expressed in a way that we could avoid the BBC having to go back to the government to ask for permission to do it (we described it as "listener-scheduled radio"). A decade later, in 2014, the BBC announced 1.1 billion podcast downloads. In terms of effort expended, probably my most impactful work.


Long Twitter thread on the Victorian idea of the 'veil between the worlds':

The concept of 'thin places' (where the 'veil between worlds' is thin) was even worse - deemed 'ancient Celtic', actually invented in 1938.


Nowadays we don't think of spirits' or Gods' realms as physical places, but as 'planes'. But back then, the Gods lived on Mount Olympus.

Heaven was believed to be as physical as Earth. Hell could be reached through openings in rocks. The whole cosmology was different.

Of course, now that the Earth is mapped, we needed to imagine otherworlds as 'higher planes'. It was the only place for the unknown to be.

The idea of superimposition, borrowed from photography, was a convenient analogy for how people thought the spirit world interacted w/ ours.



The concept of Thinning from fantasy (thanks Tom Stafford for sharing this on Facebook).

By way of intro:

Fantasy tales can be described, in part, as fables of recovery ... the happy endings of much fantasy derive from the notion that this is a restoration, that before the written story started there was a diminishment.


The passing away of a higher and more intense Reality provides a constant leitmotif in the immensely detailed mythology created by J R R Tolkien. The Lord of the Rings (1954-1955) comes at the end of aeons of slow loss. Within the global thinning manifested by the text throughout, local thinnings occur, examples including the realization that the elves are leaving Middle Earth for ever, or the return of Frodo to the Shire to find it has been thinned into a secular Waste Land.

The passing of the old and the beginning of the Age of Men.

Look at Star Wars -- the idea that there was a golden age of noble Jedi knights that has given way to scuffles and trade negotiations, the magic and chivalry ebbed away. And now being restored. Why is this appealing now, in 2017?

Is the feeling that the world is thinning simply part of growing up? That as children, the world was magical -- we were continuously confronted with that which we didn't understand. Where beings with super-powers would swoop in and do things we couldn't possibly understand, like conjuring up goods and services (paying for stuff) and teleporting (driving places). And now, as adults, we understand all (or at least, have learnt to avoid thinking too hard about what we don't understand) and so the magic has gone?

And then the restoration, an essential part of the thinning narrative, a coming to terms with this, the whole a meditation on becoming-adult?

Or another manifestation of the wish that the one who saved us before - King Arthur, Roland, Jesus Christ - will come again, as a way of avoiding the hard work of actually buckling down and making the world better?

Anyway. Feels timely.


Dappled light generator.

omg how beautiful is this:

Created by Leslie Nooteboom, komorebi is a platform that uses a robotic projector and generative projections to replicate the natural reflections and shadows of sunlight. komorebi can create sunlight filtering through leaves or a dance of light and shadow.

Watch the videos.

See also: CoeLux which appears to be a skylight but is actually an artificial sky, with calibrated angle and temperature to simulate a hot day in the Mediterranean or the Tropics.

The light of non-places leaking through.

I wrote a story and you can read it

I've mentioned here before that I'm part of a writing group called Upsideclown. We take it in turns to write short fiction, and I'm up today!

It's a gentle tale of extraterrestrial visitations, and of rekindling old friendships. Here's a taster:

Petr held the Scotch egg still between thumb and forefinger, and cut it carefully in two. They sat in the library cafe. He placed the symmetrical halves side by side on the plate, two halves of egg in two half balls of sausage, centred on yellow yolks.

'The Dogon people, in Mali,' said Bruno, eying Petr's lunch, 'were visited by aliens from the Sirius star system.'

'And you find somewhere scenic for the presenter to stand while they say this,' said Petr, 'so nobody notices how absurd it is.'

Read: The search for another intelligence, by me, at Upsideclown.


I'm rusty at writing fiction so I'm loving being part of this rebooted writing group. But I'm also particularly pleased at how this story came out for a couple of reasons:

  • I'm using characters and dialogue -- it's been a personal challenge to make full use of both, and I think I'm beginning to get the hang of it
  • I'm beginning to write deliberately. For fiction I've always written intuitively before: hold an idea in my head and then just bang it out. Which is great but is very mood-dependent. This time I had a process: I sketched out a summary, turned it into a bigger summary, and then wrote out the story over a few sessions, finally making revisions. This process is not a breakthrough to anyone except me! But what it means is I can now handle stories longer than 1,200 words, and I can also work on them incrementally such as on the tube and in the evenings

So yeah. Learning the craft. It's not my best story by any means, but right now it's the one I'm pleased with most.

Filtered for things to read on your tube ride home


Seat 14C is a collection of short stories all with the same premise. Each is a first-person account of the passenger in Seat 14C, on ANA Flight #008, as this passenger discovers they've mysteriously been transported 20 years into the future. There are some biiiiig name authors.

Bruce Sterling's story is fantastic:

The planet, humankind, had undergone some huge, universal, metaphysical enlightenment. ... They no longer used mushy, mystical terms from 2017, vague words like "thoughts," "feelings," "moods," "souls," "intelligence." They had precise, scientific formulations for those phenomena, with about a million high-tech terms-of-art.

Read it: It Feels So Exponential.


Line-us is a little robot drawing arm on Kickstarter by Durrell Bishop and Robert Poll. It is lovely.

However I am not here to say how lovely this robot arm is.

Rather, their Kickstarter updates are gold dust. They are experienced designers and manufacturers, and they are narrating their experience from prototype to production in Shenzhen with a clarity, transparency, and education which is rare as hen's teeth. Many of the updates are open to the public, not locked down to project backers.

For example:

Read all the updates.


Bret Easton Ellis on Living in the Cult of Likability.

Now all of us are used to rating movies, restaurants, books, even doctors, and we give out mostly positive reviews because, really, who wants to look like a hater? But increasingly, services are also rating us.

(Uber, Airbnb.)

Who wants to share a ride or a house or a doctor with someone who doesn't have a good online reputation? The reputation economy depends on everyone maintaining a reverentially conservative, imminently practical attitude: Keep your mouth shut and your skirt long, be modest and don't have an opinion. The reputation economy is yet another example of the blanding of culture, and yet the enforcing of groupthink has only increased anxiety and paranoia, because the people who embrace the reputation economy are, of course, the most scared.

Read it.


This interview with Noel Gallagher in Esquire in 2015!

I mean Gallagher always gives good interview but this is great.

Also when he says this

I'm never going to write a song that connects with people as much as "Don't Look Back in Anger" has, but that doesn't stop me from going to the well every morning.

which he has impressively managed to reconcile with this

as a writer you surely always think that your best work is in front of you, even though I'm self-aware enough to realise it's probably fucking behind me.

Also, also he does good swearing.

Read it.

Filtered for what celebrities and dinosaurs look like


Neural network image synthesis: artificial intelligence systems are really good at generating super-realistic, fake images. Like the faces of celebrities.

Given the synthesised images can be made to be very similar to one-another, it's possible to make a long chain of synthesised images - all faces, all similar to the one previous - and turn that into an animation.

Resulting in this video: One hour of imaginary celebrities.

It's like David Lynch took over the Daily Mail showbiz section.


Mapping startup Mapzen put together some slides of gorgeous forms and lines, abstracted from maps.

Explore the world of form. Scroll through the whole thing.

See also: photos of highway interchanges by Peter Andrew.


Generated animation of driving a car at night. Tail lights, rain on the window.

(You'll probably need to run this on a desktop, but click fullscreen.)

Also, this video clip from a game about looking out of a train window. Full game here: To West.


Dinosaurs aren't drawn right.

dinosaur illustrations should take more cues from animals living today. Our world is full of unique animals that have squat fatty bodies, with all kinds of soft tissue features that are unlikely to have survived in fossils, such as pouches, wattles, or skin flaps.

Here's what present day animals would look like, if we drew them as badly as we draw dinosaurs.

The illustration Swans imagined as though they were featherless dinosaurs is particularly terrifying.

Of course we're not talking about dinosaurs now because they are indeed now particularly skinny, being skeletons.

This is in relation to millions of years ago, before the dinosaurs got raptured, before we used their fermented meat to drive our cars.

See also: Egyptian mummies were dug up and burnt to power steam trains. (Or rather, they weren't. It turns out this was made up by Mark Twain.)

Security and privacy, startups, and the Internet of Things: some thoughts

Upcoming event in London: I'm going to be speaking about the Internet of Things, security, and privacy with Sarah Gold, CEO of IF, at Machines Room (an awesome east London makerspace), tomorrow.

Insecure Futures: Privacy, Security and Connected Devices (Weds 1 Nov, 6pm): RSVP here.

The event is part of a series of panels curated by Machines Room and Kickstarter. Sarah and I will be doing this as a "fireside chat." Should be thought-provoking -- these are some chewy topics, and Sarah is an expert. Her consultancy researches trust, policy and design for clients with Google and Facebook with output both practical and speculative.

We've each been asked to spend 5-10 minutes at the beginning of the session to set out our stand, so to speak. So this is my current draft on what I'm going to say. Comments welcome; I'll evolve it some before speaking.

On IoT, security, and privacy. But security first:

Let me say a few words about security first. Then privacy.

And really, because we're talking about the Internet of Things, we're talking about the security of a device in people's homes and in businesses, what we're talking about is the security of data and other devices on the trusted networks in those places.

With my investor hat on, a startup that doesn't take security seriously is obviously a problem because it's saving up problems down the road -- it will be harder to acquire, and it has the potential of being part of something catastrophic.

For me, one tell around this - a technology red flag - is when companies build their own stack themselves for secure connection of devices to user accounts (called provisioning), or for performing over-the-air (OTA) updates. These two are bellwethers: if something isn't right here, it's likely that security hasn't been considered elsewhere in the stack.

It's easy to convince yourself, as a startup, that there is no solution out there that meets your needs for provisioning and updates. But over the last 12 months, the technology stack for connected devices has matured. And honestly, these stacks come with features that you will never get round to building yourself. So it's worth looking for existing solutions.

resin is an interesting example of a useful stack. One of the things resin makes easy is over-the-air updates for device software. But because some of their users run this software for drones, they also include a feature that allows the drone to postpone the software update until it has safely landed. That's a useful feature. Let's say you're building a cash register: it would be great to have a feature where it can postpone updates till after the lunch rush is over. That's the same thing. But will you get round to building it yourself? Probably not.
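A sketch of the postponement feature described above, added here as an illustration and not taken from resin or from the original post. It assumes hypothetical names (`UpdateGate`, `PendingUpdate`) and assumed deferral budgets, and it adds the caveat a security reviewer would ask for: deferral is bounded, and a device that is still busy at the deadline escalates rather than silently staying unpatched.

```python
from dataclasses import dataclass

# Hypothetical names: a sketch of bounded update deferral, not resin's API.


@dataclass
class PendingUpdate:
    version: str
    released_at: float     # epoch seconds when the device first saw the update
    security_fix: bool     # security fixes get a shorter deferral budget


class UpdateGate:
    MAX_DEFER = 72 * 3600          # assumed policy: routine updates wait up to 3 days
    MAX_DEFER_SECURITY = 6 * 3600  # assumed policy: security fixes wait up to 6 hours

    def __init__(self):
        self.locks = set()         # reasons the application is holding off updates

    def hold(self, reason):
        """Application signals it is busy (drone in flight, till in lunch rush)."""
        self.locks.add(reason)

    def release(self, reason):
        self.locks.discard(reason)

    def deadline(self, update):
        budget = self.MAX_DEFER_SECURITY if update.security_fix else self.MAX_DEFER
        return update.released_at + budget

    def decide(self, update, now):
        """Return (action, detail) where action is apply, defer or escalate."""
        if not self.locks:
            return ("apply", "device idle")
        if now < self.deadline(update):
            return ("defer", ", ".join(sorted(self.locks)))
        # Never interrupt a busy device, but do not stay silent either:
        # report to the fleet operator and apply as soon as the locks clear.
        return ("escalate", "deferral budget exhausted")


def simulate_till():
    """Constructed timeline for a cash register; times are seconds since midnight."""
    h = 3600
    gate = UpdateGate()
    update = PendingUpdate("2.4.1", released_at=12.5 * h, security_fix=True)

    gate.hold("lunch-rush")
    at_1300 = gate.decide(update, now=13 * h)[0]

    gate.release("lunch-rush")
    at_1405 = gate.decide(update, now=14.083 * h)[0]

    # Failure mode: a lock that is never released must not hide the update.
    gate.hold("stuck-transaction")
    at_1900 = gate.decide(update, now=19 * h)[0]
    return at_1300, at_1405, at_1900


if __name__ == "__main__":
    print(simulate_till())
```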

So building your own stack is hard to get right, and more importantly it's expensive to keep up to date. Over months, as the technology landscape evolves, a resource constrained startup may find itself lagging. And that's where security problems emerge.

Building your own artisan stack feels like an expensive indulgence in most cases. The line to keep in mind is Werner Vogels's maxim - Vogels is the CTO of Amazon - his maxim of no undifferentiated heavy lifting. That is, don't put significant engineering resource into stuff that isn't your core business.

But security isn't just technology. It's design.

It's what you encourage users to do. A friend of mine in San Francisco had some smart lighting and smart plugs some years ago. It has this great feature where if you're on the same wi-fi network, it automatically associates the devices with your app so you can control them. And then, even when you're not on the network, you can turn the lights on and off. Handy.

So some months after staying with my friend, I discover - from London, while demoing the app - that I can turn on the lights in his front room. I discover this because he texts me, after I've been doing this for some weeks, to ask if it's me turning on and off his lights at 4am. Yes, yes it is.

Of course I reckon with this power I can possibly start a fire. Lights on and off as quick as possible. No security stack is going to help. But thoughtful design can.
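The lighting anecdote above, modelled as an added example that is not part of the original talk and not any vendor's code. `WeakHub` reproduces the behaviour described (presence on the Wi-Fi grants permanent remote control); `HardenedHub` shows one possible design response, with owner approval, expiring guest access, revocation, an audit trail and a toggle rate limit. All names and policy values are assumptions.

```python
from dataclasses import dataclass

# Hypothetical names throughout: this models the anecdote, not a vendor API.


class WeakHub:
    """Associates any app seen on the home Wi-Fi, silently and forever."""

    def __init__(self):
        self.paired = set()

    def seen_on_lan(self, app_id):
        self.paired.add(app_id)

    def toggle(self, app_id):
        # No expiry, no owner consent, no rate limit.
        return "ok" if app_id in self.paired else "not-paired"


@dataclass
class Grant:
    role: str                          # "owner" or "guest"
    expires_at: float                  # seconds; infinite for the owner
    last_toggle: float = float("-inf")


class HardenedHub:
    GUEST_TTL = 7 * 24 * 3600          # assumed policy: guest access lasts a week
    MIN_TOGGLE_INTERVAL = 2.0          # assumed policy: one toggle per 2 seconds

    def __init__(self, owner_id):
        self.owner_id = owner_id
        self.grants = {owner_id: Grant("owner", float("inf"))}
        self.pending = set()
        self.audit = []                # (time, app_id, event), shown to the owner

    def seen_on_lan(self, app_id, now):
        # Presence on the Wi-Fi only files a request; it grants nothing.
        if app_id not in self.grants:
            self.pending.add(app_id)
            self.audit.append((now, app_id, "pairing-requested"))

    def approve(self, approver_id, app_id, now):
        if approver_id != self.owner_id:
            raise PermissionError("only the owner may approve a pairing")
        if app_id not in self.pending:
            raise KeyError(f"no pending request from {app_id}")
        self.pending.discard(app_id)
        self.grants[app_id] = Grant("guest", now + self.GUEST_TTL)
        self.audit.append((now, app_id, "guest-approved"))

    def revoke(self, approver_id, app_id, now):
        if approver_id != self.owner_id:
            raise PermissionError("only the owner may revoke access")
        if app_id == self.owner_id:
            raise ValueError("the owner grant cannot be revoked")
        self.grants.pop(app_id, None)
        self.audit.append((now, app_id, "revoked"))

    def toggle(self, app_id, now):
        grant = self.grants.get(app_id)
        if grant is None:
            result = "not-paired"
        elif now >= grant.expires_at:
            del self.grants[app_id]    # stale guest access is removed, not kept
            result = "expired"
        elif now - grant.last_toggle < self.MIN_TOGGLE_INTERVAL:
            result = "rate-limited"    # blocks rapid on/off cycling
        else:
            grant.last_toggle = now
            result = "ok"
        self.audit.append((now, app_id, "toggle:" + result))
        return result


def replay_anecdote():
    """Constructed timeline: a guest visits on day 0, then toggles from abroad."""
    day = 24 * 3600
    weak = WeakHub()
    weak.seen_on_lan("guest-phone")
    weak_result = weak.toggle("guest-phone")   # months later: still works

    hub = HardenedHub("owner-phone")
    hub.seen_on_lan("guest-phone", now=0)
    before_approval = hub.toggle("guest-phone", now=10)
    hub.approve("owner-phone", "guest-phone", now=20)
    during_visit = hub.toggle("guest-phone", now=30)
    rapid_repeat = hub.toggle("guest-phone", now=30.5)
    months_later = hub.toggle("guest-phone", now=90 * day)
    return weak_result, before_approval, during_visit, rapid_repeat, months_later


if __name__ == "__main__":
    print(replay_anecdote())
```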


The tension for startups is that thoughtful design, and therefore good security, requires you to know what your product and service is doing, but in the early stages you may have to change the product quite a few times to get it right.

Now you think I'm going to say that this is a difficult decision, blah blah blah, that startups should consider security early on, despite this.

I'm not going to say that. I'm going to say that maybe a startup should ignore security, just a little bit.

What I mean is: if I meet a startup who has spent ages on its security, pre getting some real customer traction, I am going to be nervous that they have over-engineered the product, and won't be able to iterate. The product will be too brittle or too rigid to wiggle and iterate and achieve fit.

So it's a balance.


One of the reasons that security matters is because it can lead to privacy being violated. Or rather, let me clarify:

Poor security can mean a startup's customer gives up privacy in an unintended way. That's going to damage sales.

But what's more of a preoccupation to me is when privacy is reduced in an intended way. You see this a lot when a startup has figured out how to make a business work by being not quite straight-up about what they're doing with the data they're collecting.

For example:

  • A consumer-facing startup that gets its product out for free, and then collects user data to sell later. I don't believe consumers can ever really consent to data use in this fashion: it's never really made clear. It pulls the startup's interest and the consumer's interest out of alignment, and that - in my view - makes it hard for the company to grow in a clear way. This contradiction at their heart will make it tough to make product decisions
  • A B2B startup which operates by collecting data on behalf of its clients -- for example, collecting images of faces of shoppers for retail analysis. This can be legally legitimate. But sometimes it can be legitimate but still wrong: if properly informed, a regular consumer would feel uncomfortable

You would be surprised how many companies like these I encounter. Or maybe you wouldn't be.

I think it should be a point of greater social concern that consumers are asked to consent to data retention and usage when even the people collecting the data don't know what it may be used for down the line. Object recognition and facial recognition is getting really good -- but it wasn't great or well known at the point I subscribed to most of the services I now trust with my data. Can it really be said I consented to this? So we need a better way to discuss this, in society.

With a more commercial hat on I subscribe to the view that, in most cases, big data is not an asset, it is a liability. If it's not necessary for the business model, then it's an expense to keep it secure. So don't incur that expense. For example, you don't need to keep credit card numbers to take payments. Outsource it. You don't need to move video to the cloud to do image recognition -- we have machine learning at the edge for that now.

But mainly, I think about this: is it skeevy?

The tide has turned on privacy, just as it did for sustainability. For ages being sustainable was something companies did just to feel good about themselves. Now it's both consumer expectation and good business.

With privacy? For B2B startups I feel that being privacy conscious is becoming a differentiator and should be advertised as such. No potential business customer will want to be associated with the risk of leaks, being hacked, or potential damage to the brand from revealed "skeevy" behaviour.

It's not a negative thing. There's opportunity here too.

I want to end with an example which is Hoxton Analytics, a company I had the privilege of working with at the R/GA IoT accelerator I ran earlier this year. By the way, we're running another one, and applications close on 7 December, just a few weeks from now. We can talk about that afterwards.

Hoxton Analytics supply, for their clients, pedestrian footfall intelligence. They count the number of people walking in and out of your shop.

Historically this has been done with infra-red beam interruption. Well, that can't track groups or whether people are going in or out.

So instead you can do it by tracking smartphone signatures. Information-rich but not everyone has their Bluetooth or wi-fi turned on.

So you can really amp it up and monitor footfall with cameras doing facial recognition: that doesn't fly in Europe, it's personally identifiable information. Fine elsewhere in the world though.

Hoxton takes a different approach. They have cameras right down low on the floor, and they use machine learning - on the device - to recognise shoes.

It's crazy accurate. 95% accurate. It can also count group sizes, and whether people are going in or out. So it can do capacity.

It also doesn't store personally identifiable information so it's good in Europe.

But get this. Because they've built this solution, it means they can also use it in public places. So you can point the camera out of the window and see how many people are walking past, versus how many people are walking in. This is the holy grail, like a conversion funnel, like Google Analytics, but for physical retail. And they've got there by considering privacy not as a product constraint, but as a product feature.

Wrap up:

That's where my head's at regarding security and privacy. I'm going to chew on these thoughts a bunch before the discussion with Sarah, and I'd welcome your thoughts -- either on my views as laid out above, or on questions to ask her.

I don't know if there are any tickets left but if there are do come along and if you're already signed up, then I look forward to seeing you on Wednesday night.

Here's my PR tip for people (like me) who are terrible at PR a.k.a. the Tick-Tock List

The problem is that you launch a thing or have some big news and those pesky journos won't cover it.

Here's one approach:

  • treat journalists like human beings because that's what they are. I've seen the "pesky journos" attitude a bunch and it's an unhelpful category error that sets up an us-and-them division: most journalists I know are also product developers, consultants, entrepreneurs, creatives in other fields, etc. I don't mean pretend to be mates, but do acknowledge that you've both got a job to do (you to get coverage, them to provide interesting stuff for their readers) and build a professional relationship around that
  • don't reach out only when you want something

If you're a pro, or if you have a marketing team, talking to journalists like this is second nature. But for founders who are just getting going - and for rank amateurs like me - it can be hard to know where to start.

So one way is to use what I call a Tick-Tock List.

(I only call it this in my head. Nobody else says this. What I mean is you should email people on the regular, like clockwork.)

How to run a Tick-Tock List:

  • Make a list of journalists who have covered you or your company before. Not the publications but the individuals (with luck you'll build a relationship with them that lasts years as they end up super influential at big publications)
  • Email this group every 2 or 3 weeks. This email should be written by you, from your personal email, with no weird formatting: it's not a newsletter. Journalists on bcc
  • Subject line: Company name, update number or date, top news
  • Don't ask for coverage

What should be in each email:

The email should be short and easy to read. Use bullets.


  • Say hello
  • Say that they're receiving this email because they've covered you before, that there are 12 people (or however many) on the list, and that you'll stop emailing if they ask (or add them if they got the email as a fwd). The number is good transparency
  • Say the one sentence version of what you do in plain language like when you have to explain to your parents' friends what the hell you do. Ideally this includes a "because". Like, "We're doing [what it is] in order to [big hairy goal] because [a value judgement about the world]"
  • Say these three things:
    1. what your company has achieved since you last emailed
    2. the biggest achievement they might have missed in the last few emails (if there's news coverage, include a link and say thanks)
    3. what's coming up over the next week or two
  • Sign off with your name, phone number, your email address, and being open for a chat

By achievement I mean something that is outward-facing that is actually interesting. Concrete. If nothing happened, say nothing happened -- and why.

After you've done this a few times, and if you've got something genuinely worthy of a story, you might want to say - before your three things, in bold - that you've got a launch/event/newsworthy thing coming up in a week or two, and you're hunting for coverage. Offer to chat about it.

You might find - and this is the goal - that somebody on your list, somebody who has never replied before, happens to receive the email at the right time and they have the right-shaped hole in their slate, and so they get in touch to learn more and hopefully do a story.

More tips:

When you say what's coming up, don't be cagey or fake-enticing. Your email recipients aren't marks, they don't owe you anything, these are humans, one day maybe you might be friends. Be open enough for them to make a decision. But likewise don't put them in the difficult position of being told a detail via email that you really want to keep secret.

What is newsworthy? Think: is this so interesting that if you heard it about someone else you would want to tell your non-bubble friends; have you said it in the right way to be easily understood, and provided the right words for others to do the same; can it further the narrative of the journalist.

(Aside. I feel that every publication has a worldview that it is continuously pushing. It could be something like "technology is building the beautiful future we imagined when we were kids" or it could be "this thing is niche right now but one day it will be mainstream and momentum is growing." Find and provide an angle to allow journalists to use your story to develop and argue this worldview with their readers.)

The hard bit:

The hard bit: continue with the Tick-Tock List.

Let's see, what else. Did I already say this isn't a newsletter? This isn't a newsletter - and there are many and I subscribe to many and they are brilliant - so you should also have one of those (and a blog, and a twitter, and...). But this is more intimate. An actual email. Um. Be respectful. Your goals are

  • to build a professional relationship
  • to build a soap opera sense of momentum
  • provide familiarity so that big events and asks don't come out of the blue
  • overall, to save time for the journalists
  • to provide potential stories in a mutually beneficial way

I've shared the Tick-Tock List pattern with a few companies over the years. I'm actually a bit nervous to share it here because it's so trivial. But I've had a good experience of this personally, and reports of good effects, so I figured I'd write it up.

Please let me know if it works for you. (And if you're on the other side of the fence, I'm curious about your views too.)

Bonus link: Mike Butcher's article/rant The Press Release Is Dead - Use This Instead is fantastic. Check out the list of questions that he needs answered, as Editor-at-large of TechCrunch Europe, to get to grips with a possible story.