Spectre/Meltdown bugs in Intel and AMD chips – welcome to 2018 everyone!!

Happy new year! And we thought 2018 would be different, in a nightmare that could be straight out Blofeld’s playbook IT departments around the world come back from a Christmas break to the same old same old, another set of security flaws to tackle!

I’m sure we’re all well aware of the new vulnerabilities found in the processors inside pretty much every device from the iPhone in your pocket, through the PC on your desk to the server in your data centre. Meltdown (specific to Intel) and Spectre (affecting Intel and AMD chips) are the latest bugs we need to race to mitigate before a wave of malware exploiting them appears. However this time it’s not that easy as the issue is in the hardware and not so it’s not just software that can be simply patched. So although it’s looking like a combination of BIOS/microcode updates, OS patches and software patches will mitigate the issues, the underlying hardware flaw will undoubtedly be with us for some time!

If you want to read about the ins and outs of the bugs then this page is a great place to start.

However in this post I wanted to pull out some specific articles and pointers on the likely impact on the desktop PC’s. Pretty much every article on the fixes indicate there will be a performance impact, whether negligible or not from a users perspective there will still be degradation. If you read the technical articles on what the patches are having to do to address the flaw there clearly has to be an affect.

First off let’s cover off the Intel chipset names, indicative years and example PC’s (I’m using Dell business models purely as an example). Just so there’s a reference for the subsequent articles.

Intel generation Intel name Indicative year Example Dell device
1st Nehalem 2008/09
2nd Sandy bridge 2011 Latitude 6220
3rd Ivy bridge 2012/13
4th Haswell 2013 Latitude 6240
5th Broadwell 2014/15
6th Skylake 2015/16
7th Kaby Lake 2016/17 Latitude 7270
8th Kaby Lake R, Coffee Lake, Cannon Lake 2018

There are a couple of articles that have been released by Microsoft and Intel giving an indication on the likely impact you’ll see.

The Microsoft article indicates if you’re running Skylake, Kabylake (ie end 2015 on) processors in your PCs and running Windows 10, then the impact should be pretty much unnoticeable to your users. BUT in reality I suspect a lot of law firms (and other large firms) unless they have recently refreshed will still be running some older kit, possibly 3rd to 5th generation and to be fair as far back as Sandy bridge will probably be still performing OKish. In the words of Microsoft “With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.”

The article from Intel plays out a similar story for 6th, 7th and 8th gen processors, in that users should not see an impact.

“Today we are sharing data on several 6th, 7th and 8th Generation Intel® Core™ processor platforms using Windows 10. We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms.”

They also have some tests on Windows 7 that show a similar result. Intel have not published details on the affect on pre-6th gen processors in the article.

Interestingly all the tests I’ve see seem to show that SSD’s are impacted much more than traditional mechanical HDD’s. Kind of ironic given we all moved to SSD’s to improve performance!

Some independent technology sites have produced more comprehensive tests for many different scenarios and broadly the results are similar to the above, on new processors there is a negligible impact on perceived performance. And that SSD’s seem to be affected more, but there is hope in this article that further updates could tune this performance.

It’ll be interesting over the coming days to see some real benchmarks against 2nd, 3rd, 4th and 5th generation processors. The additional challenge here of course here is that although you can patch meltdown with an OS patch, spectre requires some bios level mitigation, which therefore relies on the manufacturer releasing these for the older models (for example Dell has fixes back to some Ivy bridge models but none that I can see for Sandy bridge yet).

There is of course no choice really. We can’t not patch this issue, but in this case there is a risk of performance impact that we need to balance.

I won’t go into servers at the moment, but this tweet shows the challenges we may have here for some systems!

So, if any legal supplier or legal IT team has bench-marked kit that has 2nd, 3rd, 4th and 5th generation processors in, it would be great if you could post results in the comments? After all the whole industry is in this one together and the sooner we can all get patched the better!!

Share

Should we just take email out of our Document Management Systems?

So here’s my question. Is the Document Management system still the best place to store your emails?

This is a topic I’ve pondered for a few years, pretty much since the time email became about 80% of our DMS (document management systems) repositories. In a perfect world the inbox would be free of the client and matter related material in a law firm, in reality for a whole host of reasons it isn’t and so we duplicate storage and more.

This past week the following update from Microsoft and their Groups product (is it a product or a concept?) triggered me to think about this again.

Now within Groups you can drag messages from your personal mailbox to the group mailbox, so if you had a group created for each matter that got spun up for the matter team, then within core Microsoft technologies (Outlook and Exchange) you could drag and drop and have that email available to the whole team. In Outlook on the desktop, on the web and on mobiles. No addins, no plugins, nothing.

So because of this I ask myself again, isn’t using this better than putting in another system? Just keep the DMS for documents?

The other option of course is that the Group mailbox is transferred to the DMS as a whole on completion, meaning the day to day access can stay in the core Microsoft architecture. Then at the end the matter file is complete and in one place for future searching requirements.

Either way though, the take up of Office 365 (Exchange) is coming I’m sure. We see firms moving already and Microsoft engaged directly on this very topic with a large number of firms. We need to start to think about how the DMS vendor cloud architectures work with the Microsoft cloud world in a way that goes beyond replicating the way its worked on premise don’t we?

Share

A few thoughts on artificial intelligence for both the sceptic and evangelist!

I find myself having more and more conversations about AI (artificial intelligence), whether it’s in Legal IT circles such as the recent panel I chaired at LawExpo 2017 in London or just a discussion with my brother on the ethics of the impact of this “next revolution” on the job market. My stand point has a mix of scepticism about how quickly this will happen and a dose of optimism that we will find a way to navigate this shift without mass unemployment.

I sometimes think though I am alone on both counts though. An example is this long but well written article on how we’re all going to lose our jobs to robots, for those in their twenties this article basically says you’ll all be out of a job before you retire! But then there are other more tempered articles that suggest not all jobs will expire but that we’ll adjust to use the tools in our jobs rather than the tools replace them. Or other more positive views of a future business world with AI.

My sceptical side can’t help but pull out articles like this one from 1992 which talked about the future of speech and pen recognition. “If I were a researcher, I’d feel I had a better return from studying speech recognition” [as oppose to handwriting recognition] and comment about how great a stylus would be for painting and drawing. Some 25 years later with Alexa and the Surface pen/Apple pencil we just about have the tech to achieve each to a reasonably successful degree!

But we will undoubtedly see a revolution that eclipses the industrial revolution and transforms the world of business, whether it’s in 5 or 50 years. And I look to the tech leaders like Bill Gates and Elon Musk who are sounding a warning that pretty much every politician is ignoring.

“I’m increasingly inclined to think that there should be some regulatory oversight, maybe at the national and international level, just to make sure that we don’t do something very foolish. I mean with artificial intelligence we’re summoning the demon.” – Elon Musk

Bill Gates has proposed possible solutions to managing the problem with taxes on robots and the long article linked to first in this post has other options for tackling the transition. We do need to start looking at what this revolution might mean for business and more importantly society, in a very barbell shaped economy more technology will only erode the middle even more and probably also erase the low end job market entirely!

However I think we have time, AI will form a huge part of technology solutions in the next 10 years I am sure, but in very specific applications and the majority of these I think will be in assisting humans rather than eradicating them. After all there will be plenty of companies that follow the Dilbert principle in this cartoon!

Share

Too busy to blog, I wonder why?

It’s been a bit of a hectic few months, too hectic to blog (read this for the why or this). However it’s been a month that I will look back on at some point in the future and realise a huge amount has been learnt (as a firm, as a dept, as teams and for me personally).

In the coming months I am sure I will blog about some of it, maybe something on the poor reporting by legal press that implied simple lax security (this wasn’t your average script kiddie attachment on an email attack), or something on future disaster recovery planning for firms in general (we’ve potentially being planning for the wrong thing for decades), maybe lessons learnt from the recovery (because I’m now sure this will happen to many more firms) or how it’s essential to have a fantastic dedicated team around you to keep things going and really deliver under huge pressure. But that’s for another time.

This week is ILTACON and it’ll be interesting to see what comes out during the week on the shakeup of the organisation or whether there is anything new that comes out other than the usual commentary on how bad law firms are at things (we’re not innovative, we aren’t changing, we’re the weak link in security etc etc). I kind of think the open letter written by Rick Hellers is spot on, there needs to be a shift to the educational and a move from just commentary in a lot of legal conferences. My aim therefore this year at any talk I do at a conference is to talk more to this, how we can do things rather than pick holes in what we might not be doing.

Share

Yes sorry it’s another AI (and Uber) post – but also Ravn and iManage!

Honestly this isn’t Legal AI click bait! But on the back of the big news in Legal IT recently (the news regarding Ravn and iManage, not the Tikit and NetDocuments news yesterday) it reminded me of this interesting post on Uber’s use of AI I caught in the tech press.

This was the article, Uber using AI to adjust prices according to the rider. It caught my eye as I am always intrigued by Ubers continued use of technology. Whether it’s pushing the envelope with the AppStore to try and fingerprint itself to track reset devices or use of specific apps to detect and avoid city agencies sting operations with the tool called greyball, their innovative use of tech (if not their moral use of it) is fascinating.

The AI article though got me thinking, is this a use of AI that law firms could utilise? On the face of it it looks a little bit dishonest or a recipe to annoy your clients even more, but factor in some specifics like acceptance of risk the client is likely to take, speed over quality or vice versa, whether they are a key client, a loyal client or a one off engagement, or a client in a market you want to break into, their location (ie for global firms in jurisdictions where the average local rate is much lower than the firms average global rate) etc etc and you could start to get an interesting model that is consistent to the client and tuned to their need, but also financially beneficial to the law firm. Of course as @jordan_law21 put it on twitter, “You can have a flat fee, or you can see our dockets, but not both. Build client trust and they won’t ask for the latter”. As with fixed fees you would need to be up front with the client that this “tailored rate” was in play but they would get the best value using it!

Like I say I’m not sure it would fly, but for innovation to flourish in law firms we need to have a few wild ideas, poke them a bit and be willing to bin them if they just won’t fly.

For those that missed it, this was the Ravn/iManage news that came out of ConnectLive17.

“that iManage, the leading provider of Work Product Management solutions, today announced that it will revolutionise the way companies find, extract and act on key information from documents and emails through its acquisition of RAVN Systems, whom as you know are leading experts in the field of Artificial Intelligence (AI) and Cognitive Search” – press release here.

If you’re a customer of either it’s got to be exciting or at the very least interesting news. The possibilities of all that core law firm data in your document stores combined with Cognitive Search and AI are numerous. It also makes the introduction of AI solutions more about what you’re trying to do than about the technology complexity of getting all that volume of information through yet another system.

Share

Mastodon – like a 2007 Twitter all over again!

Was it really January when I put up my last post? This year has flown by!

Over the last couple of weeks though I’ve been using Mastodon, a new social media platform that will be recognisable to some as Twitter from circa 2007, no strange timeline adjustments or adverts, no restrictions on third party apps or missing @’s in replies. Back to basics. There are a few differences though. Firstly it’s an open source platform, mastodon.social was the original but anyone can spin up an instance (I’m currently on mastodon.cloud as @planty, just like on twitter) and so the main timeline you see with all the toots (tweets) are from the instance you’re on, BUT you can also see a federated timeline of these and all the other instances that are out there too!

This difference could be a really good move and a big reason to try over Twitter. You can spin up an instance for a specific subject, keeping the trolls and the noise out. So for example a mastodon.legal, but you can still take part in a wider debate through the federation to all the other instances. Also as its open source there really isn’t any need to monetise and so it should avoid the need Twitter feels to make it more like Facebook!

There are some thinks that could get confusing, for example I think you can have the same username on different stances, so @planty could appear on another mastodon instance, the federated toots show the instance as a prefix so you know which is which. But it doesn’t take much to see how this could be abused. However like I say, this is like early Twitter where rules are formed by the users, I’m currently struggling to remember how I started picking those to follow and build conversations, using things like all over again!

It’s good to be back 🙂

Update 19/04: Today I signed up to another instance, one created for legal folk (resipsa.social). Good that the legal community is already onboard, but it also highlighted to me a potential problem with Mastodon, I’d already started on mastodon.cloud so now I’ve got two profiles! I’ve created @planty on both, but there is a feeling that things are becoming fragmented. If I had followers in theory I can export and import across instances, but not the ‘toots’ so for the time being it feels a bit odd.

Will let you know how I get on.

The first tweet I ever made on a now retired username I once used
Share

Experience in Artificial Intelligence – lessons for Legal IT in 2017

To start 2017 I thought I’d have a quick look at 2016’s favourite Legal IT topic, Artificial Intelligence (AI). Reason for picking this topic is down to two pieces of technology that I brought into our household at the end of last year that utilise AI heavily. Those are Nest and Alexa.

The former has brought home to me what I think is going to be a key issue in adoption of AI in law firms, that is trust. My Nest thermostat “learns” over time and one of the key aspects of this is watching for when you go out of the house, the system then reacts by turning thee heating down. At the same time it triggers my Nest security camera to turn on. Over Christmas though I’ve noticed, on odd occasions, when we were out that the camera would turn on but the thermostat wouldn’t drop the temperature. Other times though it would, there seemed to be no consistency. After a lot of old style IT troubleshooting and a lot of googling, I eventually found that this wasn’t a bug, but that Nest had learnt patterns and our locations and kept the heating on when it thought our trip was local and brief, thus in its mind turning off the heating was less efficient (as otherwise it would need to heat the whole house from scratch on our return). The camera though it realised should be on immediately.

This is my trust point, until I fully understood what was going on I didn’t trust the technology. I thought it was just not working, so I had taken to manually overriding the settings when we went out. In reality it was working very well and actually better at predicting things that would save energy than I was! This issue though will be the same with Legal IT AI, getting the trust will take time and will probably need a full understanding of how the machine is learning before people will accept AI into the mainstream functions.

Alexa to me is voice recognition starting to become useful, moving from the smartphone (Siri) or the computer (Cortana) to being “in the room” makes so much sense and is much more useful. Whether it’s controlling the lights or simply putting on some music it genuinely is useful rather than a gimmick. It is impressive how Alexa is using all the data it is gathering to improve, however it also shows how far AI has to go in terms of human interaction. It is way beyond having to specifically phrase your commands or questions, but there is so far to go to get beyond a few “skills” it has now.

These two areas fuel my scepticism around AI. No that’s not fair,  it’s not scepticism it’s just wanting an injection of reality into AI within Legal. I am impressed with Alexa and Nest and the more I use them the more I get impressed by the learning, however my expectations for the technology (particularly for Alexa) were not overoptimistic. I think if we adopt a realistic approach for AI in Legal in 2017 then it can and will be a great enabling technology for firms. If we don’t temper the hype though, we’ll be disappointed or fail to trust it and it’ll go in the bin for years before we try it again!

Share

eSignatures – no nothing to do with vaping!

Following on from my Uber post on innovative IT solutions, I wanted to look at one of those “been around for ages” technologies in Legal IT that is rarely used in anger yet could be a simple solution, that maybe not ground breaking, would add a real consumer feel to technology in law firm transactions. I’ve been meaning to put this post up after seeing a product in this category again and also hearing from an in-house lawyer team from a large global corporate at the recent ILTA Insight conference.

“Technological innovation is the next step…..simple solutions like e-signature to make sure its used in every context across our global legal community…..through to evaluation of AI tools”

So in the same breath as Artificial Intelligence (surely the buzzword of the year in LegalIT!) a solution that’s been around for ages is mentioned. But rarely does it get mentioned alongside big data and AI within law firms as an sexy “innovative” solution.

So what are eSignatures?

The product that I’ve seen in action recently is Docusign, however it’s perhaps the most boring of tech demoes you’ll see (not the fault of those running the demo!). Simply, like a traditional signature, eSignatures are symbols or other data in digital form attached to an electronically transmitted document as verification of the sender’s intent to sign the document. So the demo for Docusign is integrated into a document signing process, it’s slick and so like a lot of simple solutions doesn’t seem that much. (There is some more info here on exactly how it works: https://www.docusign.co.uk/products/electronic-signature/how-docusign-works)

Adobe Sign is another example with a nice little demo on their site to give you an idea of the process (https://www.adobesigndemo.com/uk/demo/send)

And this year (2016) saw the UK legislation implementing the EU directive 2014, this should be implemented by all 28 member states and so allow cross jurisdiction eSigning. What happens to the UK post Brexit who knows, but I suspect it’ll be some time before our legislation deviates from all the EU directives.

There is a lot of information that is worth reading about how the verification process can work to ensure that the person signing is who you think it is, however sometimes I wonder why we don’t worry as much about fraud and crime in the “paper” world as we do in the “cyber” world. Faking a signature or taking copies of a paper file have virtually no security wrapped around them! But that’s a topic for another day!

So why isn’t it widespread?

Tools like eSignature, document automation, speech recognition and others seem to have been around in some form or other since I came into Legal IT in the second half of the 1990’s. And I think one of the difficulties has always been about engagement with the right teams in the business and also trying to measure and justify the cost. The former is more a challenge in areas like document automation where a lawyers time is needed, this isn’t an “IT product implementation project” it’s business process change to get the real value documents automated. The latter though fits with eSignatures, unless you’re a volume business and you can measure a simple ROI (return on investment) against the cost of say postage or another tangible measure in huge numbers, it’s difficult to see the areas where monetary value could be tracked. But maybe this is it, maybe we need to look at value as something other than £’s, $’s or €’s. Something like the simplicity and feel that a client would get on being able to apply a simple online signature, rather than a paper one. In the consumer world when was the last time you signed a T & C’s document when purchasing something or had to wait for the “paperwork”?

Sometimes it’s the simple things that can give huge value. To quote Steve Jobs “We’ve got to make the small things unforgettable”.

Share

Legal IT vendors you’re not Uber, you’re just cost cutters

If there is one company that gets thrown into conference presentations on “disruption” in law firms more than any other it’s Uber. So is Uber really disruptive or is it just innovative?

“A disruptive innovation is an innovation that creates a new market and value network and eventually disrupts an existing market and value network, displacing established market leading firms, products and alliances.”

In my city it hasn’t displaced established firms or products, I suspect in some cities it has started to put existing firms out of business. But anyway that’s not the point of the article, what I often thought when hearing these talks was what actually are the key aspects to Uber’s popularity? The things that make us use them above other taxi firms? And then how would you achieve the same in a law firm?

For me personally Uber does the following:

  1. Fixes the “the driver is just round the corner” or “the driver is 10mins away” excuses when you asked a dispatcher where the taxi was. You now know exactly where the taxi is and how long you have to wait for it to arrive.
  2. Convenience of booking. No remembering numbers or what the local taxi is. It works how we work, online. A phone is now a computer and no longer a, well a phone.
  3. Lack of taxis during busy periods. Surge pricing is a big incentive to get drivers on the roads, meaning more taxis and less waiting.
  4. Lower cost. But, and it’s a big but, I think is the least important. It’s great it’s a bit cheaper but the above three would encourage me to continue using Uber regardless of a cheaper price.

And it was that last one that got me thinking that the focus in a lot of legal conferences is all about reducing the cost. Using AI to do due diligence to reduce cost, using document automation to churn through documents faster to reduce cost, automating processes to reduce cost, use legal delivery centres to reduce cost.

What we need to do is find the equivalent of the first three, what are the niggles that clients feel everytime they use a law firm? It’s not necessarily an IT solution that a Legal IT vendor can sell. It is more likely to be a simple niggle that every client is facing when dealing with law firms.

In a competitive market keeping costs low and building your market share is important, but the disruptive firm is going to find that problem to solve that’s not about cost saving but getting rid of that annoyance that many clients are facing.

And Legal IT vendors, stop advertising your tech, however innovative it is, as something that’ll disrupt and simply point out it’ll cut costs! This isn’t a bad thing in itself.

Share

OneNote and Office Lens – hidden gem or does everyone know?

This is one of those blog posts that I’ve thought about for a while, but worried that I was stating the bleeding obvious and so have put it off. I’ve used Office Lens and OneNote for so long now that I figure others must know about it and be using it? But if not then there are folks missing out on a really useful tool for anyone who needs to collate information from various sources (whiteboard write ups, projector screens, hand written notes on paper, printed documents, business cards etc). Given that law firms are mainly users of Microsoft Office and are now generally on smartphone platforms it’s a great combination for the lawyers.

So here we go.

Office Lens: This is a smartphone app for iPhone, Android and Windows 10 Mobile. Its purpose is to allow you to quickly take notes using the phones camera.

The app allows simple selection of some defaults (whiteboard, document etc) to set things up and then attempts to auto crop the content (and does a good job for most things). You can then fine tune this before accepting the photo, where the app then flattens and straightens up the image (so if you’ve taken the photo at an angle what you end up with is a nice flat image).

officelens

You can then email the document or import quickly into one of the key Microsoft Office apps, the most useful I have found being One Note. It’s a really quick way to collate notes together in a OneNote notebook. For scanned images where the text is machine readable OneNote then OCR’s the content and makes it searchable in the notebook. For business cards you can of course simply photo the card and immediately add the information directly as digital contact to mobile address books – there’s an article here on how to do this.

Best of all it’s totally free.

Share

A law blog written by someone from IT or an IT blog written by someone who works for a law firm