Tuesday, December 15, 2009

Too Much Monkey Business




The lingo used by those of us who deal with computer security issues can be pretty opaque at times. Acronyms like CIAC, NAC, and RAT rub shoulders with neologisms like keylogger, phishing, and malware, and ominous-sounding phrases like “zero-day attack”. Their meanings are not always clear and most have little relevance to the daily lives of anyone who doesn’t have a propeller beanie or pocket protector.

There are, however, some terms for computer brain malfunctions that are similar to human brain malfunctions. Take, for example, the buffer overflow.

In computerese, a buffer is simply a short-term storage area for information. When I wrote this article, for example, it was stored in a buffer in my computer’s memory until I saved the file, when it was moved to long-term storage on the hard drive. There’s a limit to how much data the buffer can hold at one time, however, and if it gets flooded with too many bits too quickly it will overflow, the program will crash, and information will be lost. Viruses and other malicious programs use buffer overflows as an infection tactic.

Buffer overflows occur in the real world all the time. Have you ever gone to a party and been introduced to so many new people so quickly that you completely forgot most of them? Or attended a class that moved so quickly that you became completely lost? Buffer overflow. Like your computer, your brain has only so much short-term storage capacity.

Situations like the ones I just described are minor annoyances, but in the last couple of decades another, more troubling kind of human buffer overflow is starting to show up. It’s a function of the 24/7, “always on”, media-saturated environment in which we live – an environment that’s very new in human history and effectively unprecedented.

The problem is that we are simply bombarded by information every waking hour of our lives, from hundreds of cable, satellite and broadcast TV and radio channels, junk paper mail and email, and every possible type of media via the Internet.

Irrelevant trivia that, in an earlier age, simply wouldn’t have made the cut to publication is tossed into the mix along with genuinely critical political and economic information. There are so many outlets that the demand for material is staggering.

The result is that we in the Western world seem to be losing the ability to tell trash from truth, and are forgetting our own history, recent or distant. Our buffers are continually overflowing. We’re swamped in a flood of celebrity gossip, vacuous sound bites and, especially over the last several years, a constant drumbeat of fear — all of which makes us that much more susceptible to the latest corporate hustle or government propaganda campaign. The less we know about the real issues, the easier we are to manipulate.

There are, happily, some easy remedies:
  • Make “off” the default state for your TV. Turn it on only when there’s something that you particularly want to watch.
  • Do the same for your radio.
  • Get your news from a source that allows you to control what information you get and the speed at which you get it — a newspaper, news magazine, or news web site.
Finally, take time to think about what you’ve read and to discuss it with friends and family. Explaining a concept to others helps clarify your own thinking.

It might even prevent a mental system crash.

Tuesday, September 01, 2009

Absent Friends

[This is an expanded version of an article originally published in a local newspaper in January of 2008.]

For many years now, my wife and I have been hosting a New Year's Eve party. At the stroke of midnight, we pop the Champagne, sing “Auld Lang Syne” and offer a series of toasts to “Absent Friends” - people of note who shuffled off this mortal coil during the dying year.

The honored dead are usually celebrities of varying degrees of renown along with, on a few sad occasions, folks who were part of what we refer to as our “Extended Family”. This year, though, was unique because the list included two celebrities who weren't people at all: Alex and Washoe.

Alex, an African Grey parrot, and Washoe, a chimpanzee, were notable for their abilities to use language in ways that most of us humans assume are unique to us. In doing so, they helped psychologists and linguists better understand how language works. They also reminded us Homo sapiens types that we may not be quite as special as we like to think we are.

Of the two, Alex presents the more remarkable history. Most parrots can mimic human speech and other sounds, but what set Alex apart was his apparent understanding of what his 150-word vocabulary meant. He could identify shapes and colors and, as noted in the bird's New York Times obit, “he could express frustration, or apparent boredom, and his cognitive and language skills appeared to be about as competent as those in trained primates.”

Alex's last words - spoken to his trainer/mentor Dr. Irene Pepperberg as she covered his cage the night before his death - were: “You be good, see you tomorrow. I love you.”

Washoe the chimp had been something of a celebrity for decades. I first heard of her accomplishments in a graduate school learning theory class. Adopted by psychologists Allen and Beatrix Gardner, Washoe was taught to communicate with the Gardners, their students and, later, with other chimps using American Sign Language (ASL), the dominant sign language used by the Deaf community in the USA.

The Gardners used ASL because they felt that chimps lacked the physical apparatus to produce human speech. If chimps could communicate via ASL, it would suggest (among other things) that Noam Chomsky's assertion that linguistic ability was “hard wired” into humans alone might not be accurate.

Washoe succeeded admirably. By the time of her death, she had a working vocabulary of 250 signs and had even begun to pass on her knowledge to her son Louis. She used them, moreover, in ways that suggested an understanding of the concepts underlying the words. She communicated, in short, in ways that were strikingly human.

Not all scientists agreed on the significance of the accomplishments of Washoe and Alex, of course. Skeptics included not only Chomsky but also the Canadian psychologist Steven Pinker and semiotician Thomas Sebeok. And that's as it should be. A single case, striking as it may be, is significant only if it can be replicated; that's how science works.

And yet: those final words from Alex are haunting, and fraught with possibilities. If chimps, apes and even parrots are capable of something approximating human thought and feeling, what does the way we treat them say about us? Even more to the point: what are the moral implications of destroying their habitat for nothing more profound than our convenience and profit? Is it merely another form of “ethnic cleansing”?

We are not the captains of Spaceship Earth, only passengers. If Alex and Washoe are any indication, we should start treating our fellow travelers with a little more respect.

Tuesday, May 12, 2009

Subway Night

It was during the waning years of the Bush Reich that I decided my peace of mind would be enhanced if I just stopped listening to the news every day. Most of it was dire and almost none of it concerned events over which I exercised the slightest control, so I turned off the car radio and started stuffing the changer with selections from my classical CD collection.

Something resembling sanity may have returned, at least temporarily, to our nation's capital, but most of the news isn't significantly more encouraging and I still have no control over it.

All of which is just a roundabout way of explaining why I'm apparently the only one who didn't know about a subway collision in Boston that injured 49 people - including the nitwit operator of one of the trains who, it turns out, was texting his girlfriend when the crash occurred.

As reported in Computerworld, the agency that runs Boston's underground has, predictably, responded by calling for a ban on operators even carrying mobile devices - a response which largely missed the real problem.

That problem (as I noted here a little while ago) isn't that some lamebrain was texting while driving a multi-ton commuter vehicle. The problem is that he was giving his attention to something other than driving a multi-ton commuter vehicle. He was trying to multi-task despite the fact that human beings don't (indeed, can't) multi-task.

We can (and do) switch attention among different tasks, but that's not the same thing. If you're texting, smoking, drinking, eating, putting on makeup, or talking on a phone you are NOT attending to the rather demanding task of piloting a heavy vehicle at high speed. And it only takes a second of inattention at the wrong time to create a disaster on the rails, the road - or in the sky.

Operating vehicles while impaired is what needs to be banned. Laws focused on specific sources of distraction (such as texting) miss the point and run the risk of becoming obsolete as soon as they are passed.

Tuesday, April 21, 2009

Sun Set?

Well, it's Monday. The parking garage was nearly full, the new screen saver my employers installed on my PC over the weekend locked it up so badly I had to do a hard reboot (ouch!) and Sun is in merger talks again, this time with Oracle. To paraphrase a lyric from Li'l Abner, it's a typical day in IT USA.

Unless you're part of the propeller beanie crowd (or a stockholder), you probably haven't paid much attention to Sun Microsystems' ongoing attempts to stay afloat in the current roiling economic waters, so here's a little background.

For what seemed like years, Sun had been in increasingly troubled merger talks with IBM, much to the alarm of many in the IT community, who saw it as a threat to both Sun's Solaris operating system and its Sparc hardware line. The deal would also have given IBM control of a majority (65%) of the world's UNIX servers - also a cause of unease.

The new deal with database giant Oracle would appear to set some of those fears at rest while raising others - mostly regarding the popular open-source database MySQL, which Sun acquired just last January. As Computerworld columnist Sharon Machlis mused in her April 20th column:

As MySQL becomes more successful in pushing into the enterprise, can Oracle executives resist seeing the open-source database as a threat to its own high-performing, capable but more costly offering?

All of this may seem pretty abstract to anyone who isn't involved in corporate IT or database development and I suppose it is, if viewed in isolation. As yet another example of the trend towards corporate mergers, however, it's disturbing. Competition is what makes capitalism work. The fewer companies there are competing for business, the less concerned they have to be with offering a quality product at a fair price and the more likely they are to come to Capitol Hill, platinum cup in hand, begging for bailouts.

We've already seen what happens when companies become “too big to fail”. Isn't it about time Federal regulators started enforcing anti-trust laws that were created to keep our capitalist system healthy in the first place? The merged Oracle/Sun entity might look healthy now, but then so did AIG and Citicorp.

Sunday, April 19, 2009

Mad Tea Party

Well, tax time has come and gone, so one hopes that we've heard the last of this Astroturf “tea party” movement - unless Faux News decides to continue sponsoring it as aggressively as they have to date.

I won't bore you with the details of why it's all so stunningly hypocritical to see a bunch of middle-class white folks whining about paying the taxes that make their comfortable middle-class life possible. Besides, the picture accompanying this rant neatly labels some of the things taxes pay for and without which the protestors would have been, as they say, SOL. As they say in The Moon is a Harsh Mistress, there ain't no such thing as a free lunch.

What does this have to do with technology? Quite a bit, actually.

To begin with, the Internet - that world-wide network of networks that makes it possible for you to read this and for the tax protesters to organize and distribute their grievance lists - exists only because tax dollars were spent to create its foundation.

Yes, kids, the Internet - that Holy of Holies for the libertarian, “all government stinks” movement - began life as a government-funded project called ARPANet in the 1960s. Initially built by BBN with Defense Department funds, the nascent network had only four nodes, three of which were at public (as in “taxpayer funded”) universities. It would be decades before it grew robust enough to stand on its own and attract tons of venture capital.

There's nothing surprising about this. Basic research - the intellectual heavy lifting that must precede any big technological advance - is always expensive and rarely yields a short-term payoff. It's the sort of thing that governments do well and that business, with its myopic focus on the short-term bottom line, no longer does at all.

If the Tea Party crowd had its way, none of this would happen and we'd all be worse off for it. Heck, according to some analysts, we're already pretty far down that increasingly ill-paved road thanks to eight years of reckless spending on unnecessary foreign adventures coupled with a steady decrease in funding for research.

In his Principles of Economics Gregory Mankiw (former chairman, ironically, of Boy George's Council of Economic Advisors) notes: "To get one thing that we like, we usually have to give up another thing that we like. Making decisions requires trading off one goal against another."

You like having police and fire protection, roads, bridges, water and sewer service, a functioning court system, an ever-expanding prison system, disaster recovery assistance, a standing army, public education, libraries, and an entire regulatory infrastructure to discourage fraud and enforce contracts? Well, you can't have all that without giving up something else you also like (money) at tax time - especially when you combine all those things with multiple wars of invasion and occupation.

So the next time you get an email whining about taxes, remind the sender that taxes are what made it possible for the email to be sent in the first place. There's no free lunch. Deal with it.

Wednesday, April 08, 2009

Son of Chinese Rock

He's baaack!

Yes, dear friends, the Technology Curmudgeon has returned from a long hiatus (largely due to activities centered in the other half of his brain) to once again remind you that inside of every InfoTech silver lining (or Silverlight, for that matter) is a big, dark cloud.

This time it's a cloud I warned you all about two years ago. Then it was an ominous thunderhead. Now it's starting to look more like Hurricane Katrina. And we're just about as well prepared for it.

I refer, of course, to the ongoing cyberwar between the USA and China.

No, you probably haven't read about it in the corporate media. Sure, you might have noticed, down around the third or fourth paragraph, a mention of the fact that the recent Conficker worm likely originated in China. But for the most part it's only infosec professionals who are aware of the fact that China-based attacks against domestic targets, public and private, have been going on for quite some time now.

That may be about to change. As reported in the April 8th Wall Street Journal and Computerworld: “[c]yberspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and installed malware tools that could be used to shut down service”.

As the WSJ article states:

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, [emphasis added] officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Officials said water, sewage and other infrastructure systems also were at risk.

Oh, frabjous day.

Let's see where we stand now. Pretty much all of our manufacturing is now done in Chinese sweatshops. China has been keeping our spendthrift economy afloat by buying dollars. US firms are shipping IT jobs and infrastructure to China as quickly as possible with, ironically, enthusiastic support from the likes of the WSJ. And now they might have a stranglehold on our power grid, thanks in part to lack of attention to security by power companies.

Or, as the WSJ puts it: “The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.”

This is madness. Anyone who knows anything about the Internet understands that it is an inherently insecure system. Why would utilities rely on something like that? Could it be because, in the aftermath of the deregulation mania of the last decade, power companies (like other corporations) don't want to spend money on anything that doesn't promise a quick profit?

Security costs money. Sure, not securing your cyber-assets could cost you the entire business but, as we have seen recently, companies that are “too big to fail” don't have to worry about that.

So - where will you be when the lights go out?