Everyday Information Security for the Average Person

I wrote a basic information security policy at work and figured the public might get something out of how to protect themselves using a minimum of effort.

——

Basic information security (infosec) is important for various reasons, not the least of which is not getting your sensitive files leaked.

Here’s a basic rundown of what all employees who travel on official Driveline business (Tour of America, Winter Meetings, Bat Fitting, anything) must take on their corporate and/or personal laptops. These are the bare minimum standards.

1. Enable a Password

If your MacBook or PC laptop boots straight to the desktop without asking for a password (automatic login), change that immediately so a password is required on boot and whenever your screensaver is triggered.

2. Enable a six-digit or larger passcode on your phone

Your phone contains sensitive information. On iOS, increase the passcode from 4 digits to 6, and on Android, use anything over 6 characters (numbers and/or letters). Going from a 4-digit to a 6-digit passcode raises the number of combinations a brute-force attack has to try from 10,000 to 1,000,000.

This is true even with FaceID or TouchID enabled.

Fun fact: Cops can compel you to unlock your phone using your face or fingerprint but cannot compel you to remember your password. Think about the implications of this when traveling internationally and just in general. FaceID / TouchID are not passwords. They are usernames.

3. Download and use Backblaze

Backblaze is a constant backup solution that will upload files from your computer securely. Should your hard drive crash or you lose your laptop, you can download individual files/folders from their website or you can order a hard drive / USB stick to have your files shipped to you.

https://www.backblaze.com/

Don’t wait for backups to be required. Just get it done and put it in receipts.

4. Full disk encryption

If your laptop is stolen, a login password alone does not protect the data: the hard drive can be removed and mounted in another device, giving the attacker access to the files. Full disk encryption prevents this from happening.

For macOS, use FileVault 2, which is built into the operating system.

https://support.apple.com/en-us/HT204837

For Windows, use BitLocker if you have Windows 10 Pro or higher.

(Right-click your C:\ drive and click “Turn on BitLocker”)

If you do not have that option, you don’t have Windows 10 Pro. You can pay for the upgrade if you like ($99 for most), but if you don’t want to do that, I am evaluating options and will update this post when I have a good one.
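To confirm that disk encryption is actually active after turning it on, the status text from the built-in tools can be checked. The sketch below is an added example, not part of the original policy; it assumes English-language output from `fdesetup status` (macOS) and `manage-bde -status C:` (Windows) and a system drive of C:. It also flags a BitLocker volume that is encrypted but has protection suspended.

```python
import platform
import subprocess

# Constructed sample outputs for illustration, not captured from a real machine.
FILEVAULT_ON = "FileVault is On.\n"
BITLOCKER_ON = (
    "Volume C: [OSDisk]\n"
    "    Conversion Status:    Fully Encrypted\n"
    "    Protection Status:    Protection On\n"
)
BITLOCKER_SUSPENDED = BITLOCKER_ON.replace("Protection On", "Protection Off")


def classify_filevault(output):
    """Classify the text printed by `fdesetup status` (macOS)."""
    if "in progress" in output.lower():
        return "in_progress"  # still encrypting: part of the disk is readable
    return "protected" if "FileVault is On." in output else "unprotected"


def classify_bitlocker(output):
    """Classify the text printed by `manage-bde -status C:` (English Windows)."""
    lines = (line.partition(":") for line in output.splitlines())
    fields = {key.strip(): value.strip() for key, _, value in lines}
    conversion = fields.get("Conversion Status", "")
    encrypted = conversion in ("Fully Encrypted", "Used Space Only Encrypted")
    if encrypted and fields.get("Protection Status") == "Protection On":
        return "protected"
    if encrypted:
        return "suspended"  # data is encrypted, but the key is stored in the clear
    return "in_progress" if "progress" in conversion.lower() else "unprotected"


def check_local():
    """Run this OS's tool (manage-bde needs an elevated prompt) and classify it."""
    system = platform.system()
    if system == "Darwin":
        cmd, classify = ["fdesetup", "status"], classify_filevault
    elif system == "Windows":
        cmd, classify = ["manage-bde", "-status", "C:"], classify_bitlocker
    else:
        return "unsupported"
    result = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return classify(result.stdout)


if __name__ == "__main__":
    print(check_local())
```

Anything other than `protected` means a stolen laptop's drive could still be read in another machine.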

5. Use a VPN (optional, but highly recommended)

When you are in a hotel / Starbucks / public place on their WiFi, data is sent over the air unencrypted. The Internet connection in 4-3 (if hardwired in) is automatically encrypted using a VPN tunnel, which sends all your data to a secured server, which then sends your data out to the intended target.

If your logs are seized or reviewed with a VPN on, they will just see connections to the secure server, which then can be compelled to turn over logs… if they kept any. The (very well reviewed) service we use does not keep logs and the parent company is not based in the United States for protection.

If you would like to use a VPN when traveling – and again, I highly recommend it for both business and personal use – download ProtonVPN. We have a corporate account; please talk to me in person for the username and password for business purposes.

https://protonvpn.com/

For personal use, you can use ProtonVPN free servers or cheap alternatives like Windscribe and various other providers that pop up on Slickdeals.net. ProtonVPN is somewhat expensive and our licenses are limited, so only use the login if you are on official business, thank you.

6. Use Signal messenger for sensitive topics (optional)

Text messages are horribly insecure and last forever.

If you are talking about sensitive topics or anything off the record to journalists, it is highly recommended you use the Signal app on your phone and/or desktop.

https://signal.org/

Signal works on Android/iOS/PC and is endorsed by Edward Snowden, so, you know.

It provides end-to-end encryption of messages, files, and even phone calls, in addition to ephemeral (self-deleting) messages after a given amount of time.

I use Signal exclusively with journalists and any others that require sensitive transmission of information, like legal matters, and highly recommend you do the same.

Paranoid / Crazy Security Steps you can take

7. Use PGP / Flowcrypt for emails (very optional)

If you REALLY need secure communications, I recommend looking into PGP and Flowcrypt for Gmail, which is the easiest way to encrypt emails using military-grade standards.

https://flowcrypt.com/

My public key can be found here: https://flowcrypt.com/pub/kyle.boddy@gmail.com

It’s extremely unlikely you need to know about PGP / secure emails, but in case you are interested, there you go.

8. Use ProtonMail (very optional)

ProtonMail (yes, same developers as ProtonVPN) offers the most secure webmail that is end-to-end encrypted and keeps no logs, and is based out of Switzerland. If you are using secondary email accounts for anything, this may be worth investigating, and it’s free.

https://www.protonmail.com

Value of Diversity – Similar Conclusions, Different Roadmaps (Short Post)

(Short posts are small pieces of info that resemble, you know, what blogging was supposed to be like.)

Diversity (of all forms) is valuable for a lot of reasons both locally (disrupting status quo) and globally (equality), but I’d like to quickly note one reason I think diversity is important that goes underappreciated.

If you are a master at Task X and someone else in your company is also a master at Task X, you might think that is redundant, and it is. But what isn’t redundant are the paths you took to get there, most likely, and the further divergent they are, the more value you can extract.

Example: In most things in my career, I am informally educated. I studied mostly economics and philosophy formally in college; everything else I learned on my own through self-study, on-the-job learning, mentorship, and so forth.

This is not true about many people I hire. Many of them took engineering, biomechanics, and kinesiology classes in college. Some of them took biomechanics classes and worked in a lab, so they understand both the theory and the practice behind motion capture and reporting behind it.

However, I built my own lab years ago and assembled my current one with zero college education on the topic. How I got to the same understanding as people who work under me took a much different path, and when we run into roadblocks, our differing viewpoints on how we got there allow us a diverse set of ways to attack the problem.

If everyone learned how to become a master at Task X using the same roadmap, it would be hard to find people that stood out as problem-solvers in unknown situations. It would be randomly distributed according to some nebulous problem-solving ability; perhaps IQ would play a role here.

But if you have people who do similar things but in diverse ways, people naturally think about the problem differently, which enables you many pathways to solve problems.

I can speak for myself and my company: Having a good spread of classically educated people in addition to self-starters with little formal education has been a major boon to our productivity and creativity, as people can learn from each other on why they think differently, and incorporate a little from each side themselves.

The same is true about socioeconomic backgrounds, experiences in life, etc, etc, which can all map to racial diversity, gender diversity, and many other types of diversity. Your upbringing forms much of how you think about the world, learn, and attack problems, and having a Swiss Army knife of variable tools is far more valuable than a homogeneous set of screwdrivers.

The Criticism Waterfall

Common wisdom before acting is to listen to everyone, to gather feedback, and take it all in since all voices matter. There’s only one real problem with this.

Nothing you do will be enough to silence every critic. 

The Criticism Waterfall is when the same group of people or different groups continue to lob critiques of who you are and how you go about your business no matter what incremental improvements you make.

I’ll give two examples.

#1: Driveline Baseball and our training methodologies.

  • Weighted baseball training does not increase throwing velocity.
    • We published data showing it did.
  • Weighted baseball training does not increase pitching velocity.
    • We published data showing it did, and professional pitchers showed it off.
  • Weighted baseball training is not in use at the MLB or NCAA D1 level.
    • Oregon State (NCAA D1 College World Series Champions) and multiple MLB teams use our equipment and programming.
  • Weighted baseball training is inherently injurious.
    • There is no evidence that this is true, and recent studies on reasonable weighted baseball programs lend no more support.
  • Weighted baseball training causes a major loss in command because people throw them not giving a shit where they go.
    • Multiple professional pitchers that train at Driveline Baseball massively decreased their walk rates and increased their strike-throwing capabilities, all documented on Fangraphs or other impartial sites.
  • Driveline Baseball does not publish real science.
    • We published two peer-reviewed journals with fully open data.

And on, and on, and on. It simply doesn’t matter what you do, there will always be detractors.

Another example.

#2: Trevor Bauer’s MLB Career, circa 2013

  • Trevor Bauer [TB] is uncoachable.
    • I have never found this to be true. He is challenging and does not accept dogma, but he is not uncoachable.
  • TB does not throw strikes.
    • He has cut his walk rate and seriously increased his “strikeout minus walk” ratio over the last 3 years.
  • TB does not throw hard anymore (in 2013 he was sitting 88-93).
    • In 2014, Trevor touched 99+ MPH.
  • TB lacks an out pitch and cannot rely on his curveball.
    • Trevor developed a slider that became one of the league’s very best over years of tinkering and experimenting using advanced technology and sheer will.
  • TB is nothing more than a league-average pitcher.
    • Trevor was on pace to win the AL Cy Young in 2018 before having his leg shattered by a comebacker. He managed to post a 2.21 ERA anyway with a 6+ fWAR, one of the very best in all of baseball.

It simply doesn’t matter what you accomplish.

So, what can you do about it?

Educated people say things like:

  • Gather all the information and reject what is bad, absorb what is good.
  • Come up with a trusted system of third parties and listen to them.
  • Develop a thicker skin.

The issue is that all of that takes time, effort, and resources, all of which are better spent on work, rather than confusing yourself.

I suggest you do what many of the greatest thinkers do, which is to develop strategies and theories based around First Principles and to ignore 99% of criticism and feedback. When you can design a system and see your goals based from the ground up, you know what it should look like and the path you must take to get there.

Example: Elon Musk likes this strategy for helping to design and develop propulsion for SpaceX. What do we really know about the physics of this world? What will it take to escape gravity? How do we do it now? Why do we do it that way? What steps can be optimized given advances in technology and knowledge? Etc, etc.

You ask questions over and over, questions to yourself that you must be exhaustively analytical about, brutally honest on, and think deeply while documenting it somewhere.

And once you have truly tested yourself and analyzed things from the ground up, you have a path to start. Alone. [0]

From there, it’s pretty simple. Perhaps Richard Feynman’s best and most applicable formula was designed to put this kind of thinking into action once you have passed the First Principles stage:

  1. Define the problem. (We have done this through First Principles thinking.)
  2. Think very hard about the problem.
  3. Write the solution down.

Richard wasn’t joking when he said this. If you take it to heart, you might realize the inherent power in the simple three steps he outlines.

Ultimate confidence comes from knowing you are right because you are your worst opponent when you need to be. Listening to people who will never amount to anything and will die nameless is a waste of your time, and only serves to seed doubt in your mind.

Be convicted in your decisions. Act with confidence. This cannot come from taking advice from others who have no skin in the game. It can only come from within.

[0]: This is not to say that having a partner is bad. Almost all good entrepreneurs agree you need one to call bullshit and to help you. But you do not need crowd-sourced ideas. Most of the time, your mom doesn’t have anything to help you with your business idea unless you are having a crisis of character. In which case, talk to your mom. Most other times, though, just know what you need to do. And when you need to know something, unreliable narrators (people) generally only serve to confuse you.

What is Driveline Baseball?

A fitting rebirth to the blog.

Let’s start off with what Driveline Baseball is not.

Driveline Baseball is not

  • …a “weighted baseball” company.
  • …trying to be a baseball training company.
  • …driven by sales and marketing.
  • …the saviors of the game.
  • …a place where Tommy John will be solved.

No, it’s both more complex and more simple.

Driveline Baseball is a company that seeks to employ a diverse staff full of misfits, has-beens, sufficiently angry, creative, and stubborn people who are simply tired of the status quo and want to pursue excellence in everything we do.

  • We should have the best pitching and hitting coaches anywhere, at any level. We will develop players faster, better, and more reliably than any MLB organization.
  • We should have the smartest, most agile research and development team, running at 5-10% of the budget that the largest MLB teams allocate, publishing openly whenever possible to empower people around the world.
  • We should have the best customer service in the industry, serving coaches and players everywhere and redefining happiness.

All we want to do is to pursue excellence in everything baseball at the highest level.

I think we will do it. We are already well on our way to the goals above.

I know we will do everything we can to get there, and bring people on who want that and only that.

The future of Driveline Baseball belongs to the motivated individuals who have the deep, slow-burning fire inside them that can only be created with enough exposure to the inefficiencies and stupidity of the game as it is constructed, and who want to join a staff full of like-minded individuals who have a major goal in their life that also coincides with the goals of the company.

Oh yeah, and we compete fiercely internally and externally.

That’s who we are. If that’s you, we’re always looking for new people to bring on if they meet the continually-raising standard of employment here. Just because someone earned a job title doesn’t give them the right to keep it forever. There is no garbage time at Driveline Baseball. We will find the right role for you and work our asses off to fit you into the right spot to make you productive.

But we won’t tolerate average work.

I’m looking for above-average workers and I’m willing to overlook all the things that corporate America deems important [0] to get it.

So let’s do this thing.

[0]: Sense of style, deference to authority, proper etiquette, and other eyewash things that simply don’t define who a productive employee, manager, or partner can be.