The coming bugpocalypse

January 26, 2015

It’s a common trope in SF for a society to get too reliant on technology (especially sexy alien technology) and then get into trouble when it’s taken away. In fact this seems to be a key tactic of sexy aliens. But there’s no need to invoke aliens for what is a real problem.

Any use of technology comes with a “disaster recovery” (or DR as they say in the business) plan. If you regularly drive a car to work, what would you do if one morning it doesn’t start? Depending on your circumstances you might ask your spouse or roommate for a ride, seek public transport, or if you have a flexible work arrangement, work from home that day. Sometimes a DR plan is implicit, unstated. Un-thought-about until it’s too late.

As technology marches on even the fallback plans become vulnerable. If your work laptop crashes, how do you file the ticket to get it repaired? If your work network goes down, and the entire phone system is built on top of the network, how do you even let someone know there’s a problem? On the broken internet, nobody can hear you scream.

It’s terrifying to think about a scenario where a disastrous bug sweeps across the internet, and the folks who would normally fix it get caught up in the wash of system failures. Or the necessary fix uncovers an even more serious bug. Rinse and repeat. Automation adds layers between people and technology, until no one person fully understands what’s going on. That’s a recipe for some conflict. Hence this story I am working on. Stay tuned for details.

P.S. I’m pondering setting up a mailing list for fans & first readers, leading up to a product launch. If you’re interested, drop me a line.

 

 


Best reads of 2014

January 14, 2015

Playing with the statistics on Goodreads. Apparently I read 115 books in 2014, 14 of which I rated as 5-star. Fourteen books that changed my life and/or I will definitely be re-reading at some point.

I’m working on formulating some more stats based on the data. Goodreads doesn’t do much in the way of breaking out the data for you.

But of the 14, exactly half were non-fiction. The rest were:

  • A Treasure of Modern American Poetry
  • The Hobbit (already a re-read)
  • Red Plenty
  • The Martian
  • Annihilation
  • Synchrotronic: Thirteen Tales of Time Travel
  • Labyrinths: Selected Stories & Other Writings (Jorge Luis Borges)

For the curious, the nonfiction entries were:

  • To Mock a Mockingbird
  • Writing the Other
  • The Personal MBA
  • The Beginning of Infinity
  • The First 20 Minutes
  • Functional Programming in Scala
  • Voice and the Alexander Technique

I need to break out some more powerful tools (and more critically, more time) to generate stats on the rest.

 


The worst security breach of 2014

January 1, 2015

Here’s a prediction. The worst security breach of 2014 isn’t something you’ve heard about. Yet. I just got word that Chick-fil-A is investigating a potential credit card breach that goes back to 2013. Yikes.

‘So, Lone Star, now you see that security crackers will always triumph because people are dumb.’


Top Technology Failures of 2014

December 31, 2014

Difficult to rank, as there were so many. Here’s one attempt, focused more on innovation failures. Personally, that seems a bit harsh. Holding innovation to a predictable timeline is usually a bad bet.

More serious issues for day-to-day life come from outright failures, like countless data breaches, widespread security flaws, and other things that undermine confidence in shiny things. But that’s why we have fiction, right?

 


The amazing sleep experiment

December 20, 2014

I encourage all readers to try the experiment I did.

Every day, for at least ten consecutive days, go to sleep at least 1.5 hours earlier than you usually do. Wake up as usual, or when you naturally wake up.

I’ve read before that most people are in a state of sleep debt, and let me tell you, being paid off feels like nothing else. I wouldn’t exactly say I woke up feeling refreshed, but after the initial morning fuzz, I felt alert and in the moment in a way I can’t remember feeling before.

Why? In my case, a changed eyeglasses prescription resulted in a crazy amount of eye strain, which is closely related to feeling tired and wiped out. It’s the “I need to rest my eyes” kind of tired more so than fatigue or mental fatigue. If by the end of the day I can hardly stand to read or look at a computer screen, then why not kick in early?

It took me about a week (or 1.5 * 7 = 10.5 hours of sleep) to really get caught up. It feels incredible.

Voluntarily cutting 1.5 prime hours of your day also has the nice side-effect of truly focusing your time-management skills. Even with tired eyes, I would still write, often with eyes closed. In order to do so, I had to severely cut back on other activities. Like what? Largely TV-watching time, and to a lesser extent internet-wasted time. These two are the empty calories of time management.

Gradually, my sleep schedule is drifting back to what it was once before. I’m getting separate computer glasses to address the original problem.

I’m interested in pushing sleep experiments to the next level, including something called segmented sleep, which involves an awake period between the two major chunks of nighttime sleep, but that will be the subject of a different posting.

 


Unicorn hunting

December 8, 2014

It’s become a trope: the super-smart hacker, faced with a highly secure system, frantically hammers on the keyboard for a few seconds (if it’s a really tough job, with a few pauses to show a thoughtful face) then another burst of activity, and they’re in.

What is the factual basis for this trope?

Only the tiniest grain of truth. In the end, knowledge is power. There are some long-dormant bugs out there, called by at least one source Rare Unicorns. These are extremely difficult to spot, and once they’re found, difficult to keep secret for long. In this particular case, a bug present since Windows 95 allows any attacker to run any code they wish.

So the fictional hacker character needs to have spent an insane amount of time doing personal security research, and in so doing amassed a number of Unicorn bugs, and kept them purely to themselves (as opposed to, say, selling the secrets to Russian hackers and raking in millions) until the crucial moment in the story when this knowledge is needed.

There are several tools, including fuzzing, that a security researcher could use. But any vulnerability found against common software (like Windows) using common tools would be well-known, relatively speaking, and of no use to the plot. Instead, this mythical hacker would need to craft their own tools from the ground up and keep them purely to themselves (as opposed to, say, creating a security consulting firm and raking in millions).

So if you write a fictional hacker–what does their backstory look like? If it doesn’t involve tens of thousands of hours alone behind a keyboard, you might be falling for the same trap that causes screenwriters to put huge, flashing red “Access Denied” notices on screens.


Re-learning to type

November 29, 2014

I got a new gadget called either an iGrip or alphaGrip (both names seem to be used somewhat interchangeably).

This gadget is described as an ergonomic keyboard, though careful to avoid any specific claims about being less likely to cause, say, RSI. Indeed, it lets you lean back in your chair and keep your hands in a game-controller-ish position. It uses rocker switches on the bottom for pinky + ring + middle finger, plus a little more mobility with the pointer finger moving to four possible spots. Thumbs also do lots of duty with a few letters on the top. To get some idea of the layout, this diagram shows the underside keys.

A few of the keystrokes are the same as QWERTY–left-hand pinky for A for instance–but overall it involves a learning experience. I just typed a 300-character phrase on a learn-touch-typing app at a whopping 4 WPM. The creator suggests an hour of practice daily for 30-60 days. [This posting was decidedly NOT done with the alphaGrip. Too soon.]

I had hoped this would work with my Kindle as a really convenient way to work on the bus, but that won’t be easy. Even with the right adapter cable, the Kindle’s USB port is non-powered, so in addition to the Kindle and the keyboard gizmo, I’d need to carry around a powered hub plus a battery. A 4-piece setup is too unwieldy. AFAIK there is no Bluetooth version of the alphaGrip.

So far, I’ve lasted about as long on this gadget as I did the time I popped off all my keycaps and went full DVORAK. We’ll see how it goes. -m


Uber-dumb

November 20, 2014

I’m working on a novel with self-driving cars, privacy compromises, a persecuted journalist, and chock full of human failure. So this week’s Uber news couldn’t be more relevant.

Uber is a pretty good approximation of the infrastructure basis of how self-driving vehicle travel might operate one day. The downside is that pretty much every trip goes into a big database somewhere. Who gets to look at that database? If you answered ‘just about anyone’ congratulations, you get a gold star. If you answered ‘the execs when they go after a critic of the company’ then you don’t get anything, because you read the articles already. The behavior of the creeper CEO before and after the incident only emphasizes the main point:

The technology issues are tractable. The people issues, not so much.


Field Report: writing on a Kindle

November 12, 2014

I’m searching for the perfect setup to use for writing “on the go”. Day job commute involves a light rail ride and a shuttle ride (each way), and I’d like to be able to use the time to write. Simple enough.

I already have a Kindle HDX 7, so why not use that? I picked up a Bear Motion keyboard+case for the same. I took it out for the first serious spin today.

Pros: it’s a good little keyboard. Switch it on and it Just Works. The case is of nice quality. The keyboard itself is fully detachable, held only with magnets about as strong as a good piece of velcro.

Cons: The case is a little bit flopsy, which leads to ergonomic issues. It has a kickstand, but my lap is not a complementary surface relative to kickstands. The keys are small but touch-typable. My shoulders are significantly more than seven inches apart, so that makes my arms angle inward, then bend parallel again at the wrists. Ouch. (In fairness, any 7″ form factor device is likely to have similar issues.) The keyboard itself requires a fn-key combo to type single or double quotes, characters which occur frequently in writing.

Commute to and from, with two sections in each commute: After three bumpy 20-minute segments, I had laid down 643 words, which compared to my recent sad run rate, is pretty good. I didn’t attempt to write a fourth session because my wrists hurt too much.

So, writing–yay! Wrist pain–danger Will Robinson!!

If I could work out the ergo issues better, I would be very happy. It feels like I would need about a six inch stack of books on my lap to hold the detached keyboard, and then somehow levitate (or velcro to the seat in front of me) the screen at about eye level. Yeah, that’d do it.

On the app side, I’m using Evernote. I’d love for there to be something more Scrivener-like. I have more to say about apps later.

What are your suggestions for ergonomic writing on the bus/train?


Heartbleed and the new reality

November 8, 2014

A few months ago a bug that came to be known as Heartbleed made the rounds. This is a serious bug that affects the most sensitive parts of the public internet, making it possible under the right conditions for almost anything that’s supposed to remain secret to be available for the asking. Passwords, banking info, almost any other kind of personal info–all out there. Less obviously, the internal keys that run the secure infrastructure itself are also at risk, so even after the bug gets patched, affected systems could still be compromised (by someone who now holds a copy of sensitive internal encryption keys). So fixing the bug alone isn’t enough–also ALL the internal passwords need to be changed.

As usual XKCD has a great visualization of the bug.

There are several factors that put this into a different category than other bugs. If your Microsoft Word crashes, that’s annoying and potentially personally catastrophic if you lose your precious data. But that kind of bug only affects one user at a time. You could ignore it (as millions apparently do) or press the manufacturer for a fix.

Heartbleed affects everyone. It attacks infrastructure. Imagine the postal system suddenly having all envelopes turn transparent. Imagine the voting system suddenly no longer being private. We only squeaked by because the huge segment of the internet using the affected software was able to quickly update to a newer version (though some ‘firmware’ versions burned into routers, printers, etc. are more difficult to update). Since then, other bugs in the same vein have surfaced. Imagine if multiples of these kinds of bugs hit at the same time.

I can imagine a scenario where cross-dependencies among multiple critical bugs get so tangled that there isn’t an easy way out. Scary thought, but this is just the beginning…
