Why Is “Hey Siri” Functionality On The Mac Mini Apparently Not Working?

Posted in Commentary with tags on December 12, 2024 by itnerd

A reader of this blog pointed me towards a Reddit thread and a MacRumors thread where people are complaining about this:

Given that Apple Intelligence and a better Siri experience are part and parcel of macOS Sequoia, and the Mac mini is Apple’s gateway into getting more Macs into the hands of more people, this is really bad.

Another data point. The same reader who tipped me off to this has confirmed that on his M4 Mac mini, when Apple Intelligence is on, he has to click on the Siri/Apple Intelligence button, then the mic icon, and then he can talk to Siri.  If Apple Intelligence is off, he clicks Siri and he can talk right away. That implies bug to me.

What I am guessing is that Apple only likely tested this on the Studio Display and figured that it was job done at that point. I say that because some people with Mac mini’s and Studio Displays have confirmed that this is working as intended. Clearly Apple needs to do better QA before releasing stuff to their customers. The bottom line is that you can add this to the growing list of bugs with macOS Sequoia which includes Time Machine issues, and display issues which appear to be a design choice that Apple didn’t tell anyone about.

Apple really has lost the plot when it comes to software quality.

Leave a comment »

Review: Ford BlueCruise

Posted in Products with tags on December 12, 2024 by itnerd

I’ve written about Ford’s hands free driver assistance feature called BlueCruise before. But I was intrigued by it to such a degree that I approached Ford for the opportunity to try it out for myself. Ford not only said yes to that, but they gave me this to drive for a weekend:

This is the Ford Mustang Mach-E electric vehicle. I’m going to do a full review of it in the coming days. But for right now, I’m going to focus on BlueCruise.

What BlueCruise is designed to do is to allow the car to “sort of” drive itself in certain situations. Specifically, you have to be in what Ford calls a “Blue Zone” which is usually a divided highway that Ford has mapped out and is known to the car via having it downloaded to the car. More zones are being added all the time, so if your highway isn’t on the list, it likely will be soon. Another requirement is that the lanes on said highway need to be clearly be seen by the car’s cameras. Finally, the car via cameras inside the car need to be able to see your eyes so that it can confirm that you are paying attention to the road. That’s where the “sort of” part comes in because the car is basically driving under your supervision.

If you look above the pony on the steering wheel, but below the screen behind the steering wheel, you’ll see a rectangle. That’s where the cameras are located.

Here’s what you do to activate BlueCruise. Assuming the preconditions for BlueCruise to be available are there, and the screen turns blue and lets you know that you’re in a “Blue Zone”, hitting the cruise control button should activate it. And the first time that I tried it, it did. Then it started to complain that I wasn’t paying attention to the road that had a few beeps accompanying that message, and about a minute later the system shut off and the car beeped a lot. My wife was in the car with me at the time and it freaked her out. And this didn’t help her anxiety about being in a car that had this feature. I pulled into a parking lot and readjusted my seating position which was a tip that Ford had given me the day before via a briefing that covered BlueCruise and the Mach-E. I normally have a very upright seating position because I have a dodgy back. But I changed my setup so that I was lower than normal, and I was reclined slightly. After doing that, BlueCruise worked without an issue because it could now see my eyes.

Here’s a video that my wife took of me using BlueCruise for the first time and being completely hands free:

By the way, my wife wanted my hands on the steering wheel because she was super nervous about me driving hands free. Which I get. But we tested this out on a 218 KM drive where 85% of it was on highway 401 or highway 427 and it worked flawlessly. There were a couple of times where the system had me take control without all the beeping that I mentioned earlier. The first was on the eastbound 401 just after Milton where for reasons that I can’t discern, it had me take control just before going under an overpass. Then it re-enabled BlueCruise about 30 seconds later. The second was when a transport truck was beside me and a car was two or three car lengths in front of me. Again, the system had me take control, and then when the car in front of me exited the highway, it took over again. I am guessing that BlueCruise thought that this was a dicey situation and that it might have been better if a human took control of the car. That was interesting because when we got close to Toronto we encountered some traffic and BlueCruise was able to deal with the stop and go traffic that we had to deal with for about 10 minutes. Finally, I should mention that BlueCruise can make lane changes all by itself. Simply hit the signal and the car will do its version of a shoulder check and move left or right for you.

The one thing that I did appreciate is that when I was using BlueCruise, I was actually less stressed. I am pointing this out because going into this, I was assuming that because I had my hands off the wheel and I was using the system, I was going to be on alert the entire time. But the opposite happened the more I learned to trust the system and understand how it worked. On a long drive like a road trip, I can see how this could be be serious quality of life improvement. My wife became more comfortable with me using the system as well. Though she’s stated to me that if we owned this car, she’d never use it as she wants to be in complete control of the car at all times. Which is fair and not surprising to me as she’s never used the cruise control feature of our daily driver as she doesn’t trust that either. But I am thinking that if she had some seat time with BlueCruise in what she perceived as a “low risk” situation, she’d change her mind. Another thing that might help her to change her mind is the fact that  Consumer Reports has had BlueCruise as the top-ranked active driving assistance system twice in a row out of 17 systems tested. So if it’s good enough for Consumers Reports, it’s likely good enough for you, and her.

My only gripe about BlueCruise is the fact that I had to alter my driving position to get it to work. While doable, my back wasn’t really a fan of that position by the end of the weekend. But I’m likely an edge case in that regard. Having said that, it would be nice if Ford made the eye tracking system a bit more flexible so that I didn’t have to change my position.

Ford has given you options in terms of how you can get BlueCruise:

  • Any new purchased or leased Ford vehicle will come with a 90 day trial of BlueCruise.
  • There is a one-year plan which will either be included standard or as an option based on the vehicle line and trim.
  • Starting on select 2025 model year vehicle lines, Ford customers can choose to upgrade to a one-time purchase at vehicle order and won’t need to activate BlueCruise again on their vehicle. And this activation will stay with the car, which adds value to the car.
  • You can activate BlueCruise on a month to month basis. For example, you could activate it for a road trip and then have it turned off when you get home.

And here’s a list of Ford vehicles that BlueCruise is currently available on:

  • Ford Explorer
  • Ford Expedition
  • Ford F-150
  • F-150 Lightning
  • Mustang Mach-E

My verdict is that if you’re looking at a Ford vehicle, you should try out BlueCruise. I think that once you try it and trust it, you’ll find it an indispensable aid when you’re in the car for long periods of time.

1 Comment »

HP Wolf Security Study Reveals Platform Security Gaps That Threaten Organizations at Every Stage of the Device Lifecycle

Posted in Commentary with tags on December 12, 2024 by itnerd

HP today released a new report highlighting the far-reaching cybersecurity implications of failing to secure devices at every stage of their lifecycle. The findings show that platform security – securing the hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come.

The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) and 6000+ work-from-anywhere (WFA) employees, shows that platform security is a growing concern with 81% of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices. However, 68% report that investment in hardware and firmware security is often overlooked in the total cost of ownership (TCO) for devices. This is leading to costly security headaches, management overheads and inefficiencies further down the line. 

Key findings from across the five stages of the device lifecycle include:

  1. Supplier Selection – In addition, 34% say a PC, laptop or printer supplier has failed a cybersecurity audit in the last five years, with 18% saying the failure was so serious that they terminated their contract. 60% of ITSDMs say the lack of IT and security involvement in device procurement puts the organization at risk. 
  2. Onboarding and Configuration – More than half (53%) of ITSDMs say BIOS passwords are shared, used too broadly, or are not strong enough. Moreover, 53% admit they rarely change BIOS passwords over the lifetime of a device.
  3. Ongoing Management – Over 60% of ITSDMs do not make firmware updates as soon as they’re available for laptops or printers. A further 57% of ITSDMs say they get FOMU (Fear Of Making Updates) in relation to firmware. Yet 80% believe the rise of AI means attackers will develop exploits faster, making it vital to update quickly.
  • Monitoring and Remediation – Every year, lost and stolen devices cost organizations an estimated $8.6bn. One in five WFA employees have lost a PC or had one stolen, taking an average 25 hours before notifying IT.
  • Second Life and Decommissioning – Nearly half (47%) of ITSDMs say data security concerns are a major obstacle when it comes to reusing, reselling, or recycling PCs or laptops, while 39% say it’s a major obstacle for printers.

From factory to fingertips – oversights in the supplier selection process, and onboarding and configuration limitations, impact device security across the lifecycle

The findings highlight the growing need for IT and security to be part of the procurement process for new devices, to set the requirements and verify vendor security claims:

  • 52% of ITSDMs say procurement teams rarely collaborate with IT and security to verify suppliers’ hardware and firmware security claims.
  • 45% of ITSDMs admit they have to trust suppliers are telling the truth as they don’t have the means to validate hardware and firmware security claims in RFPs.
  • 48% of ITDMS even say that procurement teams are like “lambs to the slaughter” as they’ll believe anything vendors say.

IT professionals are also concerned about the limitations of their ability to onboard and configure devices down to the hardware and firmware level seamlessly. 

  • 78% of ITSDMs want zero-touch onboarding via the cloud to include hardware and firmware security configuration to improve security.
  • 57% of ITSDMs feel frustrated at not being able to onboard and configure devices via the cloud.
  • Almost half (48%) of WFA workers who had a device delivered to their home complained that the onboarding and configuration process was disruptive.

Challenges and frustrations around the ongoing management, monitoring and remediation of devices

71% of ITSDMs say the rise in work-from-anywhere models has made managing platform security more difficult, impacting worker productivity and creating risky behaviors:

  • One in four employees would rather put up with a poor-performing laptop than ask IT to fix or replace it because they can’t afford the downtime.
  • 49% of employees have sent their laptop to be repaired, and say this took over 2.5 days to fix or replace the device, forcing many to use their personal laptop for work, or to borrow one from family or friends – blurring the lines between personal and professional use.
  • 12% had an unauthorized third-party provider repair a work device, potentially compromising platform security and clouding IT’s view of device integrity. 

Monitoring and remediating hardware and firmware threats to prevent threat actors accessing sensitive data and critical systems is vital. However, 79% of ITSDMs say their understanding of hardware and firmware security lags behind their knowledge of software security. Moreover, they lack mature tools that would give them the visibility and control they would want to manage hardware and firmware security across their fleets: 

  • 63% of ITSDMs say they face multiple blind spots around device hardware and firmware vulnerabilities and misconfigurations.
  • 57% cannot analyze the impact of past security events on hardware and firmware to assess devices at risk.
  • 60% say that detection and mitigation of hardware or firmware attacks is impossible, viewing post-breach remediation as the only path. 

Second life and decommissioning – how data security concerns are leading to an e-waste epidemic

Platform security concerns are also impeding organizations’ ability to reuse, recycle or resell end of life devices:

  • 59% of ITSDMs say it’s too hard to give devices a second life and so they often destroy devices over data security concerns.
  • 69% say they are sitting on a significant number of devices that could be repurposed or donated if they could sanitize them. 
  • 60% of ITSDMs admit their failure to recycle and reuse perfectly usable laptops is leading to an e-waste epidemic.

Complicating matters further, many employees sit on old work devices. This not only prevents devices from being repurposed, but it also creates data security risks around orphaned devices that still may carry corporate data. 

  • 70% of WFA employees have at least 1 old work PC/laptop at home or in their office workspace. 
  • 12% of WFA workers have left a job without returning their device right away – and almost half of these say they never did.

A new approach to the device lifecycle is needed to improve platform security

More than two thirds (69%) of organizations say their approach to managing device hardware and firmware security only addresses a small part of their lifecycle. This leaves devices exposed, and teams unable to monitor and control platform security from supplier selection to decommissioning. 

To manage platform security across the entire lifecycle, HP Wolf Security’s recommendations include:  

  • Supplier selection: Ensure IT, security and procurement teams work together to establish security and resilience requirements for new devices, validate vendor security claims and audit supplier manufacturing security governance.
  • Onboarding and configuration: Investigate solutions that enable secure zero-touch onboarding of devices and users, and secure management of firmware settings that don’t rely on weak authentication like BIOS passwords. 
  • Ongoing management: Identify the tools that will help IT monitor and update device configuration remotely and deploy firmware updates quickly to reduce your fleet’s attack surface.
  • Monitoring and Remediation: Ensure IT and security teams can find, lock and erase data from devices remotely – even those that are powered down – to reduce the risk of lost and stolen devices. Improve resilience by monitoring device audit logs to identify platform security risks, such as detecting unauthorized hardware and firmware changes and signs of exploitation.
  • Second life and decommissioning: Prioritize devices that can securely erase sensitive hardware and firmware data to enable safe decommissioning. Before redeploying devices, seek to audit their lifetime service history to verify chain of custody, and hardware and firmware integrity. 

For further insights and recommendations download the full report ‘Securing the Device Lifecycle: From Factory to Fingertips, and Future Redeployment’ here: [LINK]

About the data

  1. WFA sample: A survey of 6,055 office workers that work hybrid, remotely or from anywhere in the US, Canada, UK, Japan, Germany and France. Fieldwork was undertaken from 22nd – 30th May 2024. The survey was carried out online by Censuswide.
  2. ITSDM sample: A survey of 803 IT and security decision makers in the US, Canada, UK, Japan, Germany and France. Fieldwork was undertaken from 22nd February – 5th March 2024. The survey was carried out online by Censuswide.

Leave a comment »

New Dubai Police Scam Alert Reveals Recent Surge in Phishing Attacks Targeting An Integral Part of Government

Posted in Commentary with tags on December 12, 2024 by itnerd

BforeAI has revealed that its researchers observed a recent surge in phishing attacks leveraging alleged communications from the Dubai Police, an integral part of the Dubai government and a frequent target of cybercriminals. 

The campaign is primarily being relayed via SMS texts, and URLs redirect users to a malicious domain. BforeAI analyzed 268 domains based on keyword matches from September 17 through November 22 to uncover specific patterns and trends involving the mention of Dubai Police.

Most domains originated from servers based in Singapore and have a history of malicious activity, including spam, phishing, and botnets. Over two dozen of these domains have already expired, with some registered as recently as November, indicating short-lived campaigns.

Two of the registrants were found to be from India and Dubai itself, and their suspicious names suggested that they originated from a legitimate company. In other cases, the threat actors have managed to keep their identities anonymous.

You can read the full research here.

Leave a comment »

New Research from 2024 Reveals Five Advanced Email Attacks to Watch Out for in 2025

Posted in Commentary with tags on December 12, 2024 by itnerd

Abnormal Security has revealed its latest research of real-world examples of threats Abnormal customers received in 2024 that demonstrates and predicts the anticipated evolution of the threat landscape we can expect to see in 2025. The blog also provides critical insights into the attack strategies organizations must be ready to detect and defend against these threats.

According to the company’s observations, the five advanced email attacks to watch for in 2025 are:

  • Cryptocurrency Fraud 
  • File-Sharing Phishing 
  • Multichannel Phishing 
  • AI-Generated Business Email Compromise 
  • Email Account Takeover

This blog emphasises the dire need for AI-native defenses that are able to identify anomalies and analyze context in real time. By understanding how attackers adopt solutions, organizations can protect the company and its employees from the increasing and evolving sophistication of email threats.

You can read the research here.

Leave a comment »

Foxit Integrated eSign and PDF Platform Enables Xseed Solutions to Streamline Operations and Accelerate Growth

Posted in Commentary with tags on December 11, 2024 by itnerd

Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, today announced Xseed Solutions, a leading software development company, has transformed its document management processes by implementing Foxit’s integrated eSign and PDF solutions, resulting in significant operational improvements and accelerated growth.

Xseed Solutions, an innovative software development company led by CEO Mateo Bervejillo, had already established a firm foothold with a team of creative developers and prestigious clients like Coca-Cola. However, as Xseed aimed to expand its operations, it encountered a significant hurdle: its current electronic signature software needed to catch up with its growth plans. Realizing the need for a more robust solution to support their expansion, Mateo and his team set out to find a new electronic signature software – landing finally on Foxit eSign.

The transition to Foxit’s comprehensive platform has enabled Xseed to consolidate its document management processes into a single, unified solution. Foxit has provided Xseed with an electronic signature solution that not only offers a comprehensive suite of sending, signing, and completion features but also allows users to create, edit, share, and store PDFs in a unified, secure, and workflow-friendly environment. Foxit’s flagship products, PDF Editor and eSign, combine to give customers like Xseed the power to complete important forms and contracts faster and easier than more popular industry names — and at a more affordable price.

The implementation process, described by Bervejillo as “beautiful,” has yielded immediate results. Xseed has experienced enhanced team collaboration, streamlined workflow processes, and improved client satisfaction. The user-friendly interface and 24/7 expert support have also contributed to rapid adoption across the organization.

The success of this digital transformation initiative has positioned Xseed Solutions for continued growth and reinforces the company’s commitment to leveraging innovative technology solutions to enhance business operations.

To learn more, please read the Xseed Solutions case study here:

https://www.foxit.com/resources/casestudy.html and/or watch the video interview with Mateo Bervejillo here: 

Leave a comment »

Console Connect and OVHcloud expand cloud access in Toronto

Posted in Commentary with tags on December 11, 2024 by itnerd

Console Connect, PCCW Global’s on-demand platform and automated network for intelligent data movement, is now available from the newest Toronto data centre ofOVHcloud, a global cloud player and the European Cloud leader, broadening secure cloud access for businesses in Canada.

Located in one of North America’s most dynamic innovation clusters, the expansion enables more businesses to rapidly move data between OVHcloud, enterprise locations, devices and other clouds using a trusted solution on a single on-demand platform, accelerating hybrid and multi-cloud adoption in Canada.

Businesses prioritizing uninterrupted access and data protection can now quickly configure highly available redundancy through OVHcloud Connect (OCC) Provider via Console Connect, backed by the extended PCCW Global private network.

For highly critical workloads requiring a private network SLA, Console Connect and OVHcloud can establish a highly available private extended network to access critical workloads hosted in two OVHcloud data centers in Canada.

Console Connect became a new global OVHcloud Connect partner last year. Since then, it has added on-ramps to OVHcloud in Montreal. By expanding its presence to Toronto, Console Connect allows enterprises to interconnect OVHcloud’s data centres in the two Canadian cities within minutes via its private automated backbone.

Whether seeking redundancy, security or speed, the Console Connect platform is a strong fit for companies looking for a more efficient, secure and cost-effective way to turn up a private connection between any cloud provider to OVHcloud, migrate their data securely and then tear the connection down when complete.

Leave a comment »

ServiceNow & AWS Unveil New AI Capabilities to Transform Enterprises

Posted in Commentary with tags on December 11, 2024 by itnerd

ServiceNow and Amazon Web Services (AWS) recently announced the expansion of their strategic partnership, unveiling cutting-edge AI-driven capabilities to help businesses streamline operations and compete on a global stage.

Highlights for Canada: 

  • Expansion to Canada in 2025: This partnership’s growth into Canada will deliver enhanced value to industries such as telecom, technology, finance, education, and retail. 
  • Canadian Enterprise Success: Companies like Bell Canada are already leveraging this collaboration to achieve significant cost savings and outstanding results. John Watson, President, Bell Business Markets, AI and FX Innovation notes, “By harnessing the Now Platform’s advanced automation and AI capabilities powered by AWS, we are driving operational excellence and delivering even greater value to our customers.” 
  • Critical Moment for Canada: With AI adoption in Canada still at just 35%, this announcement is poised to break barriers to productivity and drive comprehensive digital transformation across the country. 

What’s New: 

  • Enhanced GenAI Workflows: A new connector enables seamless use of multimodal models developed and trained on Amazon Bedrock, powering advanced Generative AI workflows on the Now Platform. 
  • Automation & Integration Upgrades: New solutions for managing security incidents and procurement are available on AWS Marketplace, simplifying complex enterprise needs. 

This partnership represents a milestone in the collaboration between ServiceNow and AWS, combining AWS’s advanced cloud capabilities with ServiceNow’s innovative solutions to empower businesses to maximize cloud value, enhance digital experiences, and redefine GenAI-powered workflows. 

For more details, you can read the full press release, here.

Leave a comment »

I Lived With An EV For Three Days… And Charging It Is Less Than Optimal If You Don’t Have A Charger At Home

Posted in Commentary with tags on December 11, 2024 by itnerd

Over the weekend I had the chance to drive an electric vehicle. I’ll talk about the specific electric vehicle later this week. But today I want to talk about the charging experience. Now my condo doesn’t have a charger of any sort. Which meant that I had to rely on public chargers anywhere that I found them. In advance of this, I downloaded the Flo app onto my iPhone and loaded it with some cash. That way I could access and pay and charge whenever I needed to.

I picked up the EV on Friday at noon in Mississauga. The EV had 100% in the battery or 350 KM of range. I then shuttled my wife to an appointment that was about 20 minutes away. And from there, I went to see a client in midtown Toronto. And then I took my wife to dinner in west end Toronto and then home. The next day I drove from my home in west end Toronto to the northern part of Toronto to see a client. By that point, I was at 66% of range and my wife suggested that we charge it as we were planning on going to the Elora Christmas Market the next day in order to test out one of the key features of this specific EV. So after I was finished with the client, I went home to pick my wife up and then drove to Sherway Gardens as that shopping mall had a number of charging stations including a DC fast charger. And at the same time we could have dinner and do some shopping while the EV charged. But that didn’t work out so well because the DC fast charger was in use, and though there were four level 2 chargers at Sherway Gardens, one was in use by a Tesla who was using it because the Tesla Supercharger station was full with a line up, there was no way I could get the EV into any of the available chargers without hitting a car or a pillar. What also didn’t help is that Apple Maps indicated that there was a second Flo facility at Sherway Gardens. But when we drove to it, it didn’t exist. So we ended up changing our plans and going to a Flo charging station about a kilometre away at a Canadian Tire as that had the only other DC fast charger in the area. It was completely empty so we were able to drive in, plug in, and then walk 120 meters to a Boston Pizza to have dinner and wait for the EV to charge. Now I have nothing against Boston Pizza, but that was not the dinner that my wife and I had in mind.

After stretching out dinner for as long as we could to give the EV a chance to get to 100%, this is what it cost us:

That doesn’t factor in $65 for dinner for what it’s worth. But at least we were able to drive home which was about 5KM away with 100% charge in the EV.I should also mention that this DC fast charger promised 50 kWh of charging speed, but I never saw anything above 40 kWh.

The next day we went to the Elora Christmas Market which was a 110 KM drive from our place. To save as much battery as possible, we put the car into its power saving mode which would use more regenerative braking. Thus topping off the battery whenever I hit the brakes by maybe 1% at most. In hindsight I shouldn’t have bothered. The majority of the drive was on highway 401, which meant there was no braking. Thus this move while well intentioned was likely irrelevant. In any case, the drive took us from 100% down to 68% by the time we arrived. Now we had used the Flo app to figure out where the charging stations were in Elora, and the town had about 12 of them. But they were all level 2 chargers which meant that they would charge the EV slowly. To give you some perspective, a 10% to 80% charge with a level 2 charger would take about 8 to 9 hours. But we were going to be there for a few hours so it didn’t really matter as we had a significant about of range left in the vehicle. After walking around the market for a few hours and having a couple bites to eat, this is what we ended up with in terms of the cost of charging the EV:

So spending $5.20 got us from 68% to 88% over three hours. Not fast, but at least it was cheap. As an aside, if you have a level 2 charger at home, you’ll likely get the same speed but pay less as you could schedule charging for non peak hours for example to keep costs down and accelerate your ROI.

We then drove home and at that point I had to go out and find another DC fast charger as I was expected to return the EV the next day with a full charge. At the time, I was at a charge level of 65%. So I drove a few kilometres away to Bloor West Village in Toronto where a city parking lot had an available DC fast charger as I could see if it was in use from the Flo app. And while it charged, I had to find something to do. So I ended up walking around Bloor West Village for over 90 minutes and came back to the EV when it was 100% charged. This is what it cost me:

Two notes on this charging experience. First, it was faster as the charger claimed to do 62 kWh and I actually saw it doing that speed. Second, it was cheaper than the Flo DC fast charger that I went to on Saturday even though the charger was run by ChargePoint which is a Flo partner. That I found interesting. I then drove home and the next day returned the EV with 95% of a charge.

So, what did I learn from this experience? Well, a number of things:

  • If you don’t have a charger at home, don’t bother buying an EV: I say that because every time I needed to charge, I needed to drive out, find a charger, and then find something to do while the EV charged. That is going to get frustrating very quickly. Thus if you’re going to get an EV, you need to get a level 2 charger at home and charge overnight or any time the EV is not in use. The only scenario where I can see someone who doesn’t have a charger at home deciding to buy an EV is if their workplace has a charger, or they had easy access to one. But unless that’s free or cheap, it’s not worth doing in my opinion.
  • DC fast charging is useful but expensive: The two times that I used a DC fast charger, the cost was more of less the same as half a tank of gas for my daily driver which is a gas powered SUV. That means that any cost savings that could potentially come from having an EV would disappear. That means that DC fast charging is for convenience or necessity.

What the above means is that for a lot of people, such as people who live in apartments and condos, an EV is not a realistic option unless said apartment or condo makes provisions for EVs. By that I mean installing level 2 chargers. While some are doing that, it’s a capital cost that I don’t see the majority of apartments and condos doing unless there’s a critical mass of EVs out there. That’s going to be a problem as EVs maybe make up 10% of the market, which isn’t anything close to critical mass country.

The only way to address that barrier to entry is to make EV chargers, specifically DC fast chargers more widely available. If I were to look at where DC fast chargers were located relative to my home, this is what I see:

That’s a #fail. Chargers have to be as ubiquitous as gas stations. On top of that the EV that I was driving was capable of charging at 115 kWh. But the two DC fast chargers were not capable of charging at anywhere near that speed. Given that a lot of EVs are capable of charging at 100 kWh or faster, DC chargers need to do that. That would take the charge time to sub 1 hour most cases. And at the same time make EVs a viable option for many and drive adoption. Especially to those who don’t have a charger at home. Because nobody has a gas station at home because there’s a gas station usually within easy reach most people. EV charging needs to be just like that.

So based on this three day experience, my wife and I won’t be getting an EV. But if the charging infrastructure improves, or we get access to a level 2 charger, we might change our minds. Hopefully the needle moves on that front as I think EVs will eventually be the future of vehicles. We just need to have the infrastructure to allow as many people as possible to fully embrace the future.

1 Comment »

Cybersecurity Projections For 2025 From A CISSP

Posted in Commentary on December 11, 2024 by itnerd

Here’s some 2025 predictions from Larry Schwarberg, CISSP, Vice President, Information Security at The University of Phoenix

The rapid adoption of AI will cause inadvertent data exposures

The growing popularity of Artificial Intelligence (AI) has business leaders trying to find as many use cases as possible in hopes of improving service delivery and operations. In most cases, the use cases surpass the cyber security team’s ability to implement appropriate governance and controls. With a sense of urgency and the lack of a mature governance program, employees may be using open-source AI for internal business cases. The increased risk will be inadvertent data exposure due to limited knowledge of training a large language model (LLM). For risk mitigation, business leaders should partner with Privacy, Cyber Security and Legal to implement a governance model before pushing wide use of AI within the organization. The governance model begins with a sound policy that provides flexibility for innovation and allows for oversight of major AI projects.

Ransomware attackers will target centralized services and data lakes

Some of the ransomware attacks in 2024 have shown that attackers are focused on wider impact, which produces a sense of urgency to pay ransoms. When attackers focus on a centralized service provider, the impact is much greater than an attack focused on a single organization. Service providers have SLAs and penalties which can force the consideration to pay the ransom instead of attempting to recover on their own. Several notable attacks in 2024 have proven that attacks on service providers and large databases provide a goldmine for hackers. Additionally, attackers may begin targeting cloud service providers who are likely to host large organizations in various industry verticals. Organizations should ensure their business continuity plans, and disaster recovery plans have contingencies if their service providers become unavailable. Incident response plans should also test the executive team on scenarios where a ransomware group may exfiltrate personal information from their service provider and attempt to negotiate additional ransom for the data they have in their possession. 

Phishing / Vishing will be more believable with the use of AI

AI has created an environment where deep fakes can easily be leveraged for social engineering to gain initial access to networks. These types of attacks can be leveraged in many ways where typically fraud prays on the hearts of their victims, such as natural disasters and other significant events where unsuspecting people want to help through donations. Social engineering via vishing attacks can also target individuals who might think their child has been abducted for ransom. Vishing attacks will also be leveraged to impersonate executives which would be used to target employees into sending funds, providing access, etc. People are the weakest links into a network because of their desire to be helpful. Social engineering attacks using vishing are made easier with the advances in AI and information obtained through social sites. Organizations should build into their awareness programs plenty of training on social engineering and encourage employees to verify non-typical requests. 

Insider threat will become more common

Since Covid, where many organizations transitioned rapidly to a fully remote workforce, the risk of insider threat has significantly increased. A malicious attacker could join an organization for intelligence collection or with the intent to gain access to other sensitive information. Insider threat has been a challenge for cyber security teams since you have to determine what is authorized activity versus what is not authorized by a user. Organizations must use the concept of least privilege to perform daily tasks. Risk mitigation for insider threat starts at the screening process. However, in 2024, it has been proven that even mature hiring processes can be defeated by persistent hackers. 

Increased focus on zero trust network architecture and passwordless authentication

The concept of Zero Trust Network Architecture (ZTNA) focuses on “trust nothing and authenticate continuously” but does take into consideration the user experience. Organizations are focused on this architecture because the concept continually evaluates that the user and machine are who they say they are, allowing them access to data they have authorization. With the escalation of ransomware attacks, it is important to validate users since organizational networks are no longer defined by a perimeter. Cloud-based technologies and Software as a Service providers have created complexity in system and user trust. ZTNA deploys continual authentication, micro segmentation, continuous monitoring and the least privilege concept.

Leave a comment »

« Older Entries
Newer Entries »