Why I’m sticking with Garmin

This past week was not a good one for Garmin. Their ransomware attack was one of the worst that I’ve ever seen. I’ve spent over 20 years in IT and I’ve never seen a company become so paralyzed for so long. Everything seems to be back up and running now, but a lot of people in the fitness communities are asking if it’s time to move away from Garmin. I considered it briefly, but I have one very strong reason for sticking with them, and it’s actually what saved their bacon in this outage.

Direct file access.

Unlike most fitness watches on the marketplace, you can still plug your Garmin in to your computer and grab your .fit activity files, and do whatever you want with them. It’s why most people were able to continue to upload to sites like Strava just fine during the outage. You can still use the watch, and access your data, without the intervention of an online site. Granted, it’s not as slick and cool as the full interface, but it works, and I know my data is safe. That’s the key.

My wife used to own a Suunto, and their MovesCount platform seemed to have issues periodically. When that happened, she was S.O.L. The Suunto watches don’t have any way for you to get into their file system, leaving the app and online service as your only gateway. Coros appears to be the same as well.

So despite having one of the worst cybersecurity breaches in history, I’m going to stick with the tried and true, that gives me the most flexibility at getting access to my data. Thanks Garmin for that, even if you need to work on your cybersecurity infrastructure.

Garmin woes

So for folks wondering about the Garmin outage, here’s my two decades of Enterprise IT experience “guess” at what’s going on. Just my speculation, but I’d put money on some of my predictions being right.

The report is that they got hit with ransomware. That most likely means that someone got socially engineered and downloaded something to their computer that they shouldn’t have. If much of Garmin’s staff is working remotely, this could have been someone using a personal computer to do work, when they should have been given a dedicated and hardened corporate device. Many organizations were NOT ready for a massive shift to remote working and got caught with their pants down, and Garmin may have been lax with security in the interest of getting work done.

Lesson #1: Disaster recovery is not just a side hustle for your infrastructure manager. You need a top to bottom plan on how you’ll run your business when people can’t be in the building.

The latest scuttlebutt is that it also took down their phone system and email. If they’re running an internal email system that means that this thing was probably running rampant for far longer than it should have. It means it got into nooks and crannies of their storage systems that it never should have. The fact that it took down their phones means it probably got into some incredibly critical network systems as well. This is a huge breach of security, and means that the initial infection may have been someone with really high level access to systems.

Lesson #2: Don’t let people log in to secure systems with day-to-day user accounts. Force people to use specialized, highly secured, network accounts to get access to sensitive systems. Yes, it’s a bit of a pain to deal with multiple layers of access, but it can prevent things like ransomware from spreading.

Finally, the news is saying that they may be down until the 25th. That’s two days from now. If that’s the case, then they’re probably looking at doing some form of mass data restoration from archive backup. Dear god I hope they’re still not depending on tape. If it takes 36 hours (which is where we’ll be by then) to restore your critical systems, your backup strategy has some serious flaws. In my organization we dealt with this type of thing often, and we would use vendor specific snapshots to allow for rapid recovery.

Lesson #3: Your backup system needs to be able to deal with rapid recovery of massive systems. You can’t just archive stuff through Commvault and expect speedy recovery times.

So that’s my quick and dirty assessment. This is ugly, and there’s probably a lot more to the story that will come out in the next few days. There are a lot more lessons here than the three I mentioned, and I’m sure that Garmin will be spending a lot of time improving themselves after this event.

Unless this was some kind of state-sponsored, targeted, attack, there’s a lot that Garmin could have done to prevent this. Let this be a lesson for other companies. Think ahead and don’t brush off the recommendations of your cybersecurity and infrastructure people. We know what we’re talking about.

Thinking about my tech ecosystem again

This past week was the WWDC conference, held every year by Apple to tout its newest features that will be making their way into their operating systems. This year, for the first time in a while, it felt like Apple had its ‘mojo’ back.

A couple of the announcements have me thinking about my ecosystem again. A few years ago I started moving all of my things into the Google ecosystem. Google Docs and Gmail were taking the world by storm and jumping on board seemed like the place to be. I was able to access my documents from any web browser, and I didn’t think twice about what it meant to participate in this new world that Google was creating.

I also jumped on board with a Chromebook, and for a reasonable price had a portable computing device that could easily access this new world. I eventually retired my Chromebook, due to age, and went back to a MacBook. Before I had gotten my Chromebook I had made my first attempt to make my iPad a fully fledged computing device. I tried to weave together a bunch of different apps to create a desktop-like experience, but it just wasn’t there yet.

Over time a lot of different apps have come to the iPad, including dedicated apps for Google Docs, Microsoft Office, and Apple’s iWork suite. These have helped to fill a huge gap in the productivity arena, and this past week Apple showed off their newest creation, a dedicated iPadOS. This operating system takes iOS and expands it to create a more robust, laptop-like experience on the iPad. It was a bold move by Apple, if for no other reason than they had been resisting it in the past. This recent keynote showed that they’re finally acknowledging that people need a bit more power that allows them to go beyond the Apple paradigm of how to get work done.

With the inclusion of real file access, better text manipulation, and a much needed boost to Safari, I feel like I could actually use an iPad as my main mobile working device. Especially since there are now iPads in the $329 range that I could pop a ruggedized bluetooth keyboard and case on, and feel comfortable biking and camping with.

The next thing that’s got me thinking more and more about getting out of the Google ecosystem is the continued drumbeat of the past couple of years around the technology society that we’re living in. For so many products on the market, the actual “thing” for sale is not the device, but the user of that device. From Google’s “free” services, to Roku streaming services, everyone seems interested in knowing everything about me so that they can convince me to buy whatever they want. Apple drove this point home with its announcement of their new login service, “Sign in with Apple” that allows you to sign in to websites using your Apple ID instead of Google or Facebook. Apple has stepped up to promise that they won’t sell your data, and are even taking steps to help you obfuscate your email address from apps.

People sometimes complain that Apple devices are just too dang expensive, especially compared to other devices. There is certainly some truth to this, and they opt to go for the premium side of the market, but at the same time, Apple has chosen to make their business more about the hardware that you buy up front (along with the services direct cost), and less about selling the data around who is using the device. That means that they can’t subsidize their hardware through advertising revenue, and hopefully it stays that way. My wife and I had a conversation just the other day about this, and she commented that perhaps Apple should lean more into this in their messaging to consumers. It might draw in more people who are simply done with the way that companies have been using their users.

All of this is to say that I’m thinking of going back more deeply into the Apple ecosystem, and moving more away from Google. It might spur the purchase of a new device or two, and most certainly would influence the choices I make around the services that I use. I’m not decided on anything yet, but it’s quite a bit of food for thought.

Fired up about Firefox

Something that’s been bugging me a lot recently is the trend in technology to adopt a “surveillance capitalism” model of doing business. In Shoshana Zuboff’s recent tome on the topic, she dives into the nature of this new reality that we find ourselves in, and the pitfalls that we’re facing because of it. Quickly put, surveillance capitalism is about how our personal data, behaviors, and desires, become commoditized and sold on a marketplace for the purpose of targeting us with specific advertisements. Or far worse, for the purpose of altering our behavior to match a certain worldview or philosophy.

I’m not going to get too deep into all of this in this post, but suffice it to say, I’ve been thinking a lot more about who has data about me, and how am I letting them use it. Months ago I started turning off various tracking tools that I knew were helpful to me, but resulted in my behavioral profile being made available to an unknown marketplace for unknown purposes. I love some of the convenience of technology, but because we’ve gotten so used to getting everything for free, we often forget that nothing is actually free. Instead of paying for services as we consume them, we allow our behavior to be sold as a form of currency, in exchange for the tools we like to use.

That all got me thinking about some of the tools I use in everyday life. In particular my web browser. I’ve been a Google Chrome user for many, many years. It is by far one of the most feature rich browsers out there, and it has become the de-facto standard for delivering internet content. It’s also owned by Google, which is the largest consumer of behavioral data on the planet. That means that many parts of it are inextricably linked with Google’s tracking enterprises, both to make our technology more helpful to us, and also to pay for it all through the marketing of our data.

To combat this, a few days ago I decided to download Firefox again, and give it another go. I’ve installed it on all my devices, and after a few addons that I’ve come to rely on, I’m all set up again to browse the internet the same way I was doing with Chrome.

One of the first things I noticed was how much slimmer and quicker Firefox was. Especially on a Mac, Chrome is a bloated memory hog. Firefox seems to be a much trimmer and more efficient tool, and I’ve noticed a lot fewer processes running in the background. Granted nothing is ever going to be as fast or quick as Safari is on a Mac, but the added benefit of better addon and web application support is a palatable trade-off.


Additionally, I’ve found a few useful features with Firefox that are missing from Chrome. One in particular that I like is a little blue notification dot that appears in pinned tabs, when there is a new event in the tab that I need to check. This means that I can visually see a cue when I get new emails or other notifications, in a simple manner. This might seem like a small thing, but it’s something that I’ve missed for a long time since it was removed from Chrome.

I’ve only come across one issue with an app called Telegram that would not load correctly in its web interface. However, there was an addon in the Firefox marketplace that fixed the issue. Not sure if Firefox is just being too restrictive in its security, or if there’s an actual incompatibility.

So far my experience with Firefox has been overwhelmingly positive. I’m going to give it a solid two weeks of exclusive use to see if I find any other issues or perks. However, based on the last couple of days, I think it’s really matured into a great browser, and a nice alternative for those of us who’d like to be a little less invested in the marketplace of human behavior.


Minimizing running tech

This past weekend I got to help some amazing people as they attempted the crazy Zumbro 100 in a blizzard. One of those people was Susan Donnelly, who is a beast in this sport, completing over one hundred 100-mile races. She recently posted a blog about running and turning off your technology to listen to your body. This was actually very timely for me, as I had just recently made some changes to the way that I use some of my running technology.

I’ve been GPS tracking my runs since very early on in my running career. In the early days of 2010 I used a phone with a GPS app on it to keep track of my runs, as this was the easiest and cheapest way to do GPS tracking. As a quick aside, tech people will get a kick out of the fact that my first GPS tracking phone was a Palm Pre, complete with sliding physical keyboard. Eventually though, I decided to move up to something that had better tracking capabilities, and didn’t require physically handling a phone mid-run to see where I was at.

I purchased a Garmin GPS watch and from that point on started using it to keep track of every (outdoor) run that I went on. As the years have gone by I’ve upgraded a couple times, and each time has given me a more advanced device on my wrist. Every new watch has all kinds of fields, trackers, HR monitors, and calculated measurements by which to analyze my run, on the fly.

On more than one occasion I’ve found myself looking at my wrist, mid-run to see what my current pace is. Sometimes it pushes me to work harder, but many times it doesn’t do more than just annoy me. Therefore, I’ve decided to take advantage of all of the customization options on new watches that allow you to change what you’re seeing on every screen.

My current running setting is now set up with only one field on the main screen… total distance. I can press some buttons to go down to different screens and see other data, but by default, all I see is how far I’ve gone. That means that I’m less tempted to look down at my watch to tell me what to do, and instead simply listen to my body. There’s no current pace, or lap pace, to cloud my judgement. I just go with what my body feels like it’s capable of, and only worry about how far I’ve gone.

I could also create another screen that is just total elapsed time if I wanted to do more duration training, but for now the distance field is all I need. None of this means I’m less of a data geek. When I return home I upload my runs and dive in to the data as quickly as I can. I still like to see everything, but I find that I run better when I’m not distracted.

The beauty of modern watches is that I can very easily switch over to some screens that give me more data if I’m doing a very specific training routine that requires it. Overall though, I’ve found that running by feel is the best for me to keep me running strong and injury free.