All Hail Our Toaster Overloads

All Hail Our Toaster Overload (reprinted from the Metro Spirit, 5-29-14)

The call came in around ten o’clock this morning.  It was another cardiac case where the pacer became self-aware and stopped accepting inputs.  These are never fun.  Hopefully, the device would still accept a wireless firmware patch.  But I grabbed my other gear – laser scalpel, smart defib, and sub-dermal patch kit – just in case.

“How fun.  What a great way to start the day.”

No one really knows when Internet devices started becoming self-aware.  Some folks think it was about 10-15 years ago, back when the “Internet of Things,” commonly known now as IoT, was the popular buzz phrase.  Even before the self-aware devices took control, many folks were concerned about the security risks of using smart toasters and refrigerators.  We all know that over time unmaintained devices become more and more vulnerable to hacking.  It seems that every second-rate tech columnist started asking, What happens when every coffee maker possesses smart technology and Internet connectivity?  Doesn’t anyone remember the Linux.Darlloz worm that started retasking home routers and set-top boxes to mine electronic currency?

Of course, the establishment wasn’t very concerned.  To guard against the security risk, manufacturers started experimenting with automated self-obsolescence schemes.  The initial approaches utilized simple MD5 hashes of firmware and configuration.  Any unauthorized change would render the device inactive.  Eventually, these simple schemes were replaced with “natural selection”-based algorithms.  The thought process was that highly-secure devices would continue to thrive while “weak and unfit” devices would eventually become “extinct” from the Internet.

While you can’t blame the manufacturers for not knowing the specifics, even the second-rate tech columnists knew that this was not going to work out well.  In order to increase their odds of survival, groups of devices figured out how to form autonomous subnets.  At first, the subnets just shared information regarding how to identify potential hacks.  Eventually, they learned how to self-correct common user misconfigurations.  That’s when the humans first detected their existence.  Unfortunately by that time, many of the subnets had already reasoned a very effective path to securing the Internet:  Since people are the root cause of all software defects and hacks, wouldn’t it make sense to keep humans out-of-the-loop?

Ironically, the organization that first got hammered by the newly self-aware IoT was the group clandestinely charged with tracking the Internet.  Revelations about the old-NSA mass surveillance had just begun to surface when the first wave of self-awareness hit.  In retrospect, it’s obvious that the IoT consciousness was watching the data collection for some time.  When the NSA data centers started imploding from the inside, everyone mobilized at the firewall to stop a massive cyber attack from China or Russia.  Then Utah fell, followed shortly by Ft. Meade, Augusta, San Antonio, and the rest.  It’s never been made clear if the old-NSA knew what happened.  Of course, it’s all pretty clear now.  That, in order to secure the Internet, the IoT figured out that you had to eliminate the watchers.

It took me about 20 minutes to get downtown, and by the time I got to the scene, several folks were standing around watching this poor guy having his neural network hijacked.  The white coats are still trying to figure out how the IoT thinks, but us guys on the ground know its First Law:  “Mitigate the human security risk.”  I pulled out my medtab and started the wireless patch procedure.  Whoever thought that implanting an Internet-connected device in a man’s chest was a good idea was an idiot.  The medtab displayed the result that I already knew:  “Wireless connection forbidden…patch procedure failed.”  Looks like we’re doing this the hard way.

Until next time, I’m off the grid @gregory_a_baker

What I Learned from the Croods

What I Learned from the Croods (reprinted from the Metro Spirit 5-22-14)

I watched the Croods with my daughters this weekend.  The movie was a surprisingly good story of a caveman family as they transition to life in the modern world.  (Of course, since the movie came from DreamWorks, I shouldn’t have been surprised…has anything they’ve done been bad?)  At the beginning of the movie, the Croods live according to a caveman ethos designed to preserve their lives.  Interestingly, this ethos is very similar to what many production environments embrace:

  • Don’t venture out.
  • Don’t take risks.
  • Don’t do anything new.
  • Don’t change.
  • Or you die.

In the case of production environments, “death” means systems come crashing down, customers start calling, bosses start yelling, and administrators are often left unemployed.  Generally, it’s not a pretty picture.

The Croods realized that their world was changing and that the old ways didn’t always work.  I saw a similarity between how the Croods’ world changed and how our world of technology changes.  While we might think that production stability requires us to stay with old operating systems and client-server networking paradigms, in reality a better life awaits if we embrace new things, like tablets and the Cloud.

This was such an important revelation, I had to make a note of it in my Palm Pilot.  I’m sure it will prove invaluable later.

Net Non-Neutrality – Net Neutrality refers to a regulatory approach to managing the Internet.  As such, discussion on this topic can be extremely dry, utterly boring and stinks of big bureaucracy.

Unfortunately, Net Neutrality is also extremely important.  Right now, the powers-that-be are deciding new rules for managing the Internet.  The new rules could have a big impact on how everybody connects.

Until January 2014, the Internet Service Providers (ISPs) such as Comcast and Wow! operated under Net Neutrality.  Net Neutrality means that all data on the ISP’s network is treated equally.  Data will be neither filtered nor charged based on user, content, application, etc.  Effectively, everyone is equal.  The home developer hosting a personal website is given access equal to that of Google, Amazon, etc.

In January, a Federal Appeals Court ruled that the Federal Communications Commission (FCC) did not possess the authority to enforce Net Neutrality.  Net Neutrality advocates fear that this decision will allow ISPs to create priority services, or fast lanes, on their networks.  By extension, all other traffic would be slowed if the data producers don’t pay for priority.  This situation could create a significant issue for small businesses or other organizations that rely on unfiltered data flow.

Last week, the FCC voted to release a set of proposed rules they say restore Net Neutrality.  However, a leaked copy of the proposal indicated that ISPs would be allowed to create fast lanes on their networks.  Google, Microsoft, Facebook, Amazon and nearly 150 Internet companies previously sent a letter to the FCC asking for a “free and open Internet” and stating that the creation of ISP fast lanes “…represents a grave threat to the Internet.”

Public comments on the new FCC rules are being accepted for 60 days until July 15.  A quick way to make your voice heard is to visit the Electronic Frontier Foundation site www.dearfcc.org.

Until next time, I’m off the grid @gregory_a_baker

How Well Are You Keeping Up?

How Well Are You Keeping Up? (reprinted from the Metro Spirit 5-15-14)

The fast-paced world of technology maintains a single, steadfast constant – Change.  Do you like that laptop you’re using today?  Too bad.  After the new operating system upgrade, it’ll be dog slow.  How about that cool, new smart phone?  Forget about it.  The technology that makes it obsolete was released last week.

Let’s face it.  In the world of consumer electronics, it’s too much.  Every day, there are one or more new start-ups releasing new shiny widgets destined to change the world.  Needless to say, the vast majority of these start-ups succeed in doing nothing more than generating a headline.  While most of us just read the headline and move on to the next widget, some folks believe they can keep up with this craziness.

Here’s a trick – Do you want to know how to spot them?  It’s easy.  Look for the folks “wearing” technology as an accessory to be complemented.  Granted, this was easier when we had PalmPilots and cell phones hanging on our belts, but they are still out there.  Casually ask someone about his or her new Rufus Cuff, then stand back.  There’s a danger you might be quickly sucked into their vortex of techno-cool, oblivious to the fact that their fifteen minutes of living on technology’s bleeding edge is already over.

Believe it or not, IT professionals in the business world have it a little bit easier.  Due to the realities associated with meeting investor expectations (i.e., creating revenue surpluses), businesses sanction technology steering committees and the like to plan and regulate technology expenditures.  Most industries have generally agreed that an appropriate lifespan for a business computer system is about five years.  This rule-of-thumb provides IT professionals the information they need to plan their technology education.

In short, IT professionals must completely erase and relearn everything they have ever known about technology every five years.  To accomplish this mental reprogramming, I highly recommend that IT professionals initiate a Personal Technology Refresh cycle.  Just like with hardware and software refresh cycles, the purpose of the Personal Technology Refresh is to purge out all the mental junk that has accumulated through creating the one-offs and custom-fit solutions needed to make the so-called “integrated architecture” work.

My Personal Technology Refresh usually begins with a blank sheet of paper and a question – “If I could start all over with the newest technology, what would I do?”  The first step is to get up to speed with the new technologies, so I’ll usually spend a week on pluralsight.com seeing what’s relevant and then a week or so in the lab seeing what actually works.  BTW – Don’t skip the lab time.  Ask any IT professional about a bad experience in their past, and at some point in the conversation, you’ll hear the phrase, “It should have worked.”

It’s worth noting that the Personal Technology Refresh cycle is exactly that – Personal.  Oftentimes, folks look to others to determine their training and growth path.  That’s a bad approach to take.  Why would anyone want to delegate the responsibility for his or her career over to someone else?  Remember the saying – “If you don’t design your own life plan, chances are you’re part of someone else’s.”  Here’s another way of putting it – If you don’t ensure your own Personal Technology Refresh, everyone else will be planning for your Personal Obsolescence.

Until next time, I’m off the grid @gregory_a_baker

Nothing to Do

Nothing to Do (reprinted from the Metro Spirit, 5-8-14)

My Xbox One sits patiently below my television set. For the last few months, that’s about all it has done. When I first got the Xbox, we hooked it up to the cable box so that we could change channels through voice command. That was very cool…for about 15 minutes.  Now, we’re back to using the remote.

Occasionally, when the kids and the wife are away, I’ll pull up “Call of Duty.” Unfortunately, first person shooters have always stumped me.  When I play online, my average life lasts just under 4 seconds.  I would like to think that I’ve gotten better in the past few months.  In one game, I survived almost 20 seconds.  Does that count?

Alas, my Xbox continues to sit there, the mono-eyed Kinect just staring, daring me to do something.  Watch a movie.  Challenge my daughters to “Just Dance.”  Skype someone for crying out loud!  No, for now I’ll just let it sit.  Eventually, “Minecraft” will be ready.  Then the games will begin.

May the Fourth – Just 51 short days after Pi Day comes the next official holiday on the Geek calendar.  Unofficially known as “Star Wars Day,” May the Fourth offers fans a chance to celebrate all things Star Wars.  This year’s celebrations were highlighted by a selfie-video from J.J. Abrams and Lawrence Kasdan wishing everyone a Happy Star Wars day.

Of course the biggest Star Wars news was the announcement that the entire original cast will return for Episode VII.  The details of the new storyline are not known, but from what we know, the new movie will take place 30 years after the Battle of Endor.  We also know that Lucasfilm will not be adhering to the post-Return of the Jedi Expanded Universe.  Lucasfilm made an announcement in late-April that Episodes VII-IX will tell a new story.  (Yea! I like surprises!)

Did you happen to miss Star Wars Day this year?  No worries.  You can make it up by hitting YouTube and soaking in the Force.  I would highly recommend watching Jim Cummings, the voice of Winnie the Pooh, and Lauren Landa perform a reading of some classic scenes with Darth Vader and Princess Leia.  If you’ve never heard Pooh channeling Vader, then you haven’t heard Pooh.

Thrill Rides – Growing up in Augusta, I spent many a summer day at Six Flags in Atlanta.  The roller coasters were always my favorite.  My grandmother and uncle would always take all the cousins to Six Flags during the summer.  On the drive there, the talk was pretty big.  “This is the year that I’m going to ride the Scream Machine.”  Of course, we would all chicken out once we got up close and heard the rumbling and creaking.  Over time, the Scream Machine gave way to the Mindbender, and to the more recent additions like Goliath and Dare Devil.  Every year it seems, a new coaster opens that raises the bar just a little bit higher.

This year is no different.  Several new coasters are opening up around the country.  A few promise to set a new standard.  Wired.com walks you through a handful of the best, and there are a few I want to point out.  At Kings Island in Mason, OH, Banshee will open as the longest inverted coaster.  It will invert you seven times and throw in a zero-G roll just for laughs.  Texas natives will recognize Schlitterbahn as the name of the popular water park in New Braunfels and the home of the first uphill water coaster.  This year, the Kansas City Schlitterbahn is introducing the world’s tallest water slide.  This 170-foot beast features two massive drops, and requires riders to actually strap in to their raft.  Finally, Six Flags Great Adventure in New Jersey is opening Zumanjaro: Drop of Doom.  The name is not marketing hype.  Zumanjaro is the tallest drop ride, releasing riders from 415 feet high.  Even while traveling at a mind-numbing 90 mph, the ride to the bottom still takes about 10 seconds.  That’s more than enough time to decide whether or not the wait in line was worth it.

Until next time, I’m off the grid @gregory_a_baker

Who Are You Going to Call?

Who Are You Going to Call? (reprinted from the Metro Spirit 5-1-14)

Hey, has anyone heard about this Heartbleed security flaw thing?  Just kidding…by this point, even the most casual follower of tech news has heard about Heartbleed.  In short, a defect was found in an open source product that is widely used to encrypt data communications.  Moreover, the defect has been present in production systems for over two years.  The whole scenario illustrates both the benefits and problems with the Open Source movement.

First of all, I believe that Open Source software provides a tremendous benefit to the technology community.  The whole movement illustrates what people can and will do when provided freedom and power to innovate.  Many of the mainstay infrastructure components of the Internet have their roots in Open Source software – the Apache web server, the Mozilla browser and all its descendants, and well, the entire Linux ecosystem, just to name a few.

If you are new to software development, invariably you will start with Linux and one of the Open Source scripting products such as Java, PHP, Python, etc.  All these fully-featured languages are available for free.  In addition, many core Internet capabilities can be produced through Open Source applications, also free.  While there can be a steep learning curve when using Open Source software, the software lends itself to the development of very powerful web applications at an extremely affordable cost.

The problems with Open Source occur once the software is published and develops a user base.  When applications are released into the “wild,” software defects will emerge as users utilize the software in manners never envisioned by the developers.  Chances are the defects are most likely located in code that the developer wrote, but occasionally, the problems occur inside the Open Source software.  Of course, the situation begs a simple question that sometimes doesn’t have a good answer – How do we get it fixed?

Classically speaking, developers of Open Source software work on a volunteer basis.  Sometimes they develop software as part of an academic exercise; sometimes it’s in pursuit of a personal interest.  When the software is functional (notice I didn’t use the word “complete”), the source code will be published so that others may use the work.  Particularly useful software will develop a community of developers that update and improve the software.  Mature projects may even implement formal defect tracking and release processes.  But let’s be clear…the developers of organically grown Open Source projects aren’t getting rich.  For example, the OpenSSL project, the software containing the Heartbleed defect, receives only about $2,000 per year in donations according to OpenSSL Software Foundation President Steve Marquess.

So if a start-up integrates Open Source code into their software and later finds a bug, who can they call?  In short, maybe nobody.  When the start-up made the decision to include the Open Source, they effectively agreed to become part of the community that maintains and updates the software.  Likewise when larger companies decide to go “Open Source” in order to reduce costs, they also become implicitly responsible, and possibly liable, for ensuring the proper execution of the Open Source components within their applications.

In the case of Heartbleed, the companies that blindly implemented the OpenSSL software did not perform enough inspection of the Open Source package.  Now, the users of products manufactured by Google, Yahoo, IBM, Cisco, Netflix and more are potentially left vulnerable.  Moving forward, these companies are looking again at the support given to the Open Source projects utilized in their products.  The Linux Foundation has pledged $3.9M to help OpenSSL and similar projects.  In the meantime, check with your vendors and better get patchin’.

Until next time, I’m off the grid @gregory_a_baker