Blog

Incident Management Resources from Akamai

I was revisiting my GitHub README article about incident communications the other day and noticed that many of the links I had put in my bio to Akamai’s public-facing incident management documentation had rotted away due to some intervening revision of the Akamai web site.

Since they provided valuable context and I had cause to want to refer to them in my client work, I went and tracked them down in the invaluable Internet Archive, and present now the links on their own as well as a fixed version of the bio with working links (and some paragraph breaks for readability).

And the updated (very casual) bio:

Hi there 🙂 I’m Kevin (@kevinr.free-dissociation.com).

While I learned to code while I learned to read and have loved computers my whole life, I realized pretty quickly after college that I wasn’t going to be happy spending the next forty years of my life sitting in a cubicle in a corner writing code and not talking to anybody.

After a bit of a sojourn I landed in security, which I love because it’s the intersection of the hardest technical problems we know (like cryptography) and the hardest social problems we know (like making cryptography usable by people).

I got my start in Infosec at Akamai, where I helped to redevelop our incident management process, train incident managers, and served as an incident manager myself on some gnarly and interesting incidents.

These days I have my own little shop, and I’m available for consulting on incident management as well as several other areas of security, privacy, and the broader emerging field of software safety. In my “spare time” I make videos on security and safety topics. 😉

What I Value

I value the truth, and, more importantly, I value the process of seeking the truth. Scientific methods, despite every misstep, are the best methods we know for developing and understanding truths about the universe around us and ourselves—that is to say, they give us the best ability to predict what will happen in the universe and in our social systems.

I value the physical world. The physical world around us is the ultimate source of truth in the universe, and, while our understanding can never fully capture that truth in all its manifold complexity—to do so would take a system larger than the universe—still we can, collectively, approach some kind of asymptote of understanding and ability to predict the world around us both physical and social.

I value the people around me and the human species as we are, alive, today, and tomorrow. I value that as many of us and our children as possible are as healthy, happy, and safe as possible, and I have dedicated my life to doing what I can to make us all healthier, happier, and safer. I believe that understanding the physical and social worlds is valuable precisely for the reason that that understanding offers our surest path to those outcomes.

(The future beyond that is our children’s and our children’s children’s responsibility, just as our health, happiness, and safety today are our responsibility and not our great-grandparents’. Our duty is to set our children and grandchildren up for success as best we understand that, but not to trade their health, happiness, and safety for those of hypothetical far-future many-times-great grand-children.)

I value democratic methods of decisionmaking. Like science, politics is also a method for understanding the social world, the impacts it has on the physical world, and the impacts of the physical world on it. Politics is the arena in which we define what it means for us to be healthier, happier, and safer, and who gets to be that. Democratic decisionmaking methods, despite every misstep, provide the best ways we know for developing what it means for us to be healthier, happier, and safer and understanding how that might be achieved, and for spreading those benefits to as many people as possible.

I value capitalist and socialist economic methods and structures to the extent that they serve the other values. These methods are among the best economic methods we have found so far for distributing high-quality, safe, and wholesome physical goods to as many people as possible, and capitalist methods do the best job of any economic methods we have found so far of turning basic human self-centeredness to socially-beneficial ends.

 

Basic Conference Travel Cybersecurity Advice

I wrote up some fairly off-the-cuff travel cybersecurity advice back in 2022 for a client, and it’s generic and useful and still current enough that I thought I would post a lightly-edited version here.

Its audience is mostly-US persons and US-based organizations traveling abroad for conferences in a professional capacity, although I think it is fairly applicable outside that. This advice is also specifically not for people who believe they are or may be actively targeted!

Obviously in fall 2025 the risk calculus, particularly for non-US persons traveling to the US, is changing very rapidly, and without doing substantially more reading and thinking I don’t feel I can give good advice to that specifically. I do think the advice here still provides a good, safe baseline for everyone, and additional measures can be layered on top as you need and desire.


tl;dr:

  1. If you are ever concerned that your device may have been compromised, stop whatever you’re doing and reboot it immediately.
  2. Take your software updates, always, but especially before you travel.
  3. Don’t click through certificate warnings on public WiFi!

How come? Read on.


Tariffs & Coming Disruptions

This is a thing that I’ve been sending around.

Friends and family, I’ve been following developments in global financial markets, the manufacturing and construction sectors, and physical supply chains very closely following Trump’s announcement of massive tax increases (tariffs) last week.

I think it is likely that we are headed for a set of supply-and-demand shocks—different in their particulars, but—similar in magnitude to the ones we experienced in the early days of COVID in the spring of 2020. We’ve weathered shocks like this before, and we will weather them again, but they always fucking suck.

What I’m doing for myself, and what I would encourage you to do, is this: Lay in at least a 2-3 month supply of staples, whether sourced domestically or abroad, and, ideally, lay in a 6 month supply of anything you can’t live without.

For staples I mean things like food but also paper products (in the US, many of ours come from Canada), medications and supplements (many of ours come from Mexico), coffee, tea, chocolate, spices, vanilla, liquor, contraceptive products, cosmetics, personal care products, etc.

Also anything you need for summer (I need to buy an air conditioner).

I hope that I’m wrong, nothing comes of this, and I just wind up with extra paper towels in my closet for the next six months, but all my early warning signs are flashing danger right now.

P.S. Also, Congress and, in particular, Republicans in the Senate can end this any time they want, so, I encourage you to please call your Senators and ask them to remove tariff-setting power from the President and return it to Congress.

The Kafkaesque Hell of LLM-Powered Customer “Service”

tl;dr I will probably not be purchasing a Gradient All-Weather Window Mounted Heat Pump, and you probably shouldn’t either.

I have now had the dubious pleasure of interacting with a customer “service” representative which I strongly suspect to be either entirely an LLM or a human relying ~entirely on an LLM.

Given the fact that I’m making this post, and what its title is, to say that I was dissatisfied with the experience would be an understatement.

If there really were a person on the other end of this interaction, I would describe the experience as like talking with an undergrad who skimmed the reading right before class, can’t recognize when they’re being asked a question which requires them to reason and potentially call on outside information that is not directly in front of them, and refuses to acknowledge that they’re unprepared.

And in general this is the core problem with using LLMs in this context. Customer service has two primary purposes: To provide a human interface to existing material for customers who prefer that, who can’t access the existing material, or who can but can’t navigate or understand it; and, exception handling. Exception handling breaks down into two sub-categories: Known exceptions, and unknown exceptions (with apologies to Mr. Rumsfeld).

LLMs, pretty much by their nature, cannot be trusted to handle unknown exceptions, because unknown exceptions are definitionally outside their training data. I would also be surprised to discover that they were particularly good at handling known exceptions without significant work on the part of the people deploying them. (Also the downside risk here is high, as in the Air Canada case where an LLM customer support system made up a bereavement policy—a known exception—and the courts rightly forced Air Canada to honor it.)

Anyway, after wasting too many of the limited seconds of my very human and all-too-short life on this presumptive LLM, I decided that the best disincentive to Gradient, the subject of today’s post, continuing this practice, and the best disincentive to other companies adopting it, was public shaming.

Honestly it’s probably for the best, as Gradient’s products are incredibly expensive compared to other consumer HVAC products, as well as poorly reviewed by other early adopters.

I will, of course, update this post if I get in touch with an actual human, and not a steaming pile of matrix math pretending to be a human, but at this point I’m not holding my breath.

Without further ado, I present, Who’s On First? Novel Consumer HVAC Product Edition.
